
App vulnerability could burn Aga oven owners

Aga oven owners could have been left scratching their heads over why their food did not cook properly if not for a researcher at Pen Test Partners.

Ken Munro, of Pen Test, came across a flaw in the mobile app used to control these high-end, cast-iron stoves that, if exploited, could allow a hacker to remotely take control of the oven, according to a BBC story.

The primary issue Munro found is that the app uses SMS messages to control the oven, and the oven does not authenticate them. He also told the BBC that the company allows weak passwords, as few as five characters, and that email addresses are sent in plain text, leaving them vulnerable as well.

“AGA Rangemaster operates its AGA TC phone app via a third party service provider. Security and account registration also involves our M2M provider. We take such issues seriously and have raised them immediately with our service providers so that we can answer in detail the points raised,” Aga said in a statement to SC Media.
