Ken Munro of Pen Test Partners describes his investigation of the AGA Total Control oven, which can be controlled remotely with an app, via GSM. Munro found that:
According to the researcher,
"Disclosure was a train wreck. We tried Twitter, every email address we could find and then rang them up. No response to any of the messages we left."
Additional coverage:
(Score: 0) by Anonymous Coward on Friday April 14 2017, @10:36PM (1 child)
The post seems, somewhat, like English, but I can't make out a single notion out of it.
(Score: 5, Informative) by butthurt on Saturday April 15 2017, @12:31AM
Explainer:
app: software that runs on a tablet computer or mobile phone
GSM: a widely used protocol for cellular networks
HTTP: the original protocol for the WWW, which doesn't have encryption, hence is easily intercepted or tampered with
SSL: protocol for the WWW which does have encryption
"there was a potential for telephone numbers associated with the ovens to be enumerated": an attacker could find out what telephone numbers are being used with the ovens
"the control system could be misused to send SMS messages to mobile phones": someone could use AGA's site to send harassing or spammy text messages to people's mobiles
You may also check the stories on BBC News and The Inquirer.