Stories
Slash Boxes
Comments

SoylentNews is people

Vulnerabilities in AGA Total Control Electric Oven

posted by mrpg on Friday April 14 2017, @10:20PM   Printer-friendly
from the color-me-unimpressed dept.

butthurt writes:

Ken Munro of Pen Test Partners describes his investigation of the AGA Total Control oven, which can be controlled remotely with an app, via GSM. Munro found that:

  • the app uses HTTP rather than SSL
  • there was a potential for telephone numbers associated with the ovens to be enumerated
  • the app allowed passwords as short as five characters
  • "it would be trivial" to turn someone else's oven on and off
  • the control system could be misused to send SMS messages to mobile phones

According to the researcher,

Disclosure was a train wreck. We tried Twitter, every email address we could find and then rang them up. No response to any of the messages we left.

additional coverage:

Original Submission

 
This discussion has been archived. No new comments can be posted.
Vulnerabilities in AGA Total Control Electric Oven | Log In/Create an Account | Top | 25 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by Anonymous Coward on Saturday April 15 2017, @12:15AM (1 child)

    by Anonymous Coward on Saturday April 15 2017, @12:15AM (#494238)

    I used to visit a friend in England, not far from the Welsh border. He inherited a giant stone house built in 1650 (30"/750mm thick walls on the first floor). In the eat-in kitchen was a big Aga, it had been stuffed into what was originally an open fireplace/cooking hearth. It had 6 covered burners and (from memory) 6 doors on the front. It was gas fired and stayed on year round, the massive cast iron never saw any thermal shock, will probably last forever as long as it is kept on.

    In that part of England, it never gets very warm and is usually very damp -- so having this constant source of heat in the kitchen kept it warm, dry and mold-free. The Aga transformed a dank room with north exposure into a very inviting place. Given all the stone thermal mass, having a constant heat input makes sense, the heat requirement hardly varies over the daily cycle (no matter what is happening outside).

    The gas fire is arranged so that each of the burners and ovens are at different temps. None of this newfangled business of adjusting the range or oven for temperature, you just move the food from one location to another as needed. If it happened to be a little chilly in the winter, open one of the burner covers to get some additional heat into the room.

    After I understood how this worked, it seemed like an ideal way to cook...*in that climate*. Wouldn't make any sense here where we have to air condition in the summer. Turning it on and off to cook would be useless, it takes an age to get warmed up.

    The idea of adding an electronic control to such a perfect device seems like a travesty. Maybe the Aga company is being run by an incompetent descendant of the original inventor?

    Starting Score:    0  points
    Moderation   +3  
       Interesting=2, Underrated=1, Total=3
    Extra 'Interesting' Modifier   0  
    Total Score:   3  

  • (Score: 2) by kaszz on Saturday April 15 2017, @01:31AM

    by kaszz (4211) on Saturday April 15 2017, @01:31AM (#494256) Journal

    As we said about United Abuses, Death-by-MBA ;-)