Miscreants can remotely turn off and on posh Aga ovens via unauthenticated text messages, security researchers have warned.
All the hijackers need is the phone numbers of the appliances.
The vulnerable iTotal Control models of the upmarket cookers contain a SIM card and radio tech that connects to mobile phone networks. This allows the Brit-built roasters to receive texted commands: these messages can be sent directly to appliances from phones, or via an app or Aga's website, from anywhere in the world.
This means you can order your fancy baking oven to heat up before you leave from work, for instance. According to UK IT security consultants Pen Test Partners (PTP), this feature can be hijacked by villains to meddle with the slow cookers without the owners' permission.
These ovens are really pricy ($10,000 and up), and you'd think that at a premium price you'd get premium (or at least adequate) security.