SoylentNews is people

posted by mrpg on Friday April 14 2017, @10:20PM   Printer-friendly
from the color-me-unimpressed dept.

Ken Munro of Pen Test Partners describes his investigation of the AGA Total Control oven, which can be controlled remotely with an app, via GSM. Munro found that:

  • the app uses HTTP rather than SSL
  • there was a potential for telephone numbers associated with the ovens to be enumerated
  • the app allowed passwords as short as five characters
  • "it would be trivial" to turn someone else's oven on and off
  • the control system could be misused to send SMS messages to mobile phones

According to the researcher,

Disclosure was a train wreck. We tried Twitter, every email address we could find and then rang them up. No response to any of the messages we left.

  • (Score: 2) by kaszz (4211) on Saturday April 15 2017, @12:54PM (#494384)

    Consider modifying the existing hardware, including replacing the microcontroller.
