SoylentNews is people
SoylentNews
Ken Munro of Pen Test Partners describes his investigation of the AGA Total Control oven, which can be controlled remotely with an app, via GSM. Munro found that:
- the app uses HTTP rather than SSL
- there was a potential for telephone numbers associated with the ovens to be enumerated
- the app allowed passwords as short as five characters
- "it would be trivial" to turn someone else's oven on and off
- the control system could be misused to send SMS messages to mobile phones
According to the researcher,
Disclosure was a train wreck. We tried Twitter, every email address we could find and then rang them up. No response to any of the messages we left.
additional coverage:
This discussion has been archived.
No new comments can be posted.
Vulnerabilities in AGA Total Control Electric Oven
|
Log In/Create an Account
| Top
| 25 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Fascinating is a word I use for the unexpected.
-- Spock, "The Squire of Gothos", stardate 2124.5
(Score: 3, Interesting) by VLM on Saturday April 15 2017, @12:50PM
Research Jewish attitudes toward sabbath and ovens. No not those kind of ovens, the boring kitchen kind.
To make a really long story somewhat simplified and short (so yeah I know this is inexact, but close enough):
1) For any possible interpretation of ... anything, there is at least one Jew on the ground holding that opinion. Politics, cooking, religion... Its not even anti-semitic to observe that you ask three Jews what the Talmud says about X and you get at least four conflicting answers. Its just how they are.
2) There exist at least some Jews that see the sabbath rules as not permitting opening and closing of electrical contacts due to something involving fire and a confusion about what fire is vs a spark and a total lack of understanding about electronics.
3) A subset of the above think its hilarious to "cheat" their god by programming timers on their ovens. They can control "fire" and oven timers all they want before the sabbath as long as they don't control anything during sabbath itself. So... oy vey what is this my oven turned on for no apparent reason during sabbath, now don't be a pissed off volcano god, but I'm gonna cook my dinner now while carefully not touching any oven controls. Hence the "Sabbath Timer" feature available on even ancient ovens. No this is not a parody look in your kitchen oven manual there's probably some manner of "sabbath" feature.
4) Its a very small extension of the "sabbath timer" feature to include an iphone app that controls your oven. As per #1 above and #2 above there exist at least some Jews that will believe operating the oven via the iphone app "cheats god" to get around the sabbath fire rules. Technically you can manipulate an app with a touch screen resulting in no sparks and you can control heating elements since the 90s or so with solid state relays so you could build the phone into the oven as a touch screen and to a non-Jew like me that sounds like a reasonable solution but see #1 above so ...
Aside from the Jews I bet most of the users will be OCD people who go to work and ponder if they shut off the teapot or not.
I would suspect that much like "smart TVs" most of the purchasers will never use the feature, never even set it up. The blinking VCR 12:00 of the 80s/90s is the "smart appliance" today. Its not that they buyer wants it or knows how to use it or ever uses it, its that you won't be able to buy a $2000 status symbol oven without it that results in deployment of shitty "smart" appliances.