Friday, April 14, 2017

Half-baked security in expensive IoT oven

This is kind of funny, actually:
Miscreants can remotely turn off and on posh Aga ovens via unauthenticated text messages, security researchers have warned. 
All the hijackers need is the phone numbers of the appliances. 
The vulnerable iTotal Control models of the upmarket cookers contain a SIM card and radio tech that connects to mobile phone networks. This allows the Brit-built roasters to receive texted commands: these messages can be sent directly to appliances from phones, or via an app or Aga's website, from anywhere in the world. 
This means you can order your fancy baking oven to heat up before you leave from work, for instance. According to UK IT security consultants Pen Test Partners (PTP), this feature can be hijacked by villains to meddle with the slow cookers without the owners' permission.

These ovens are really pricy ($10,000 and up), and you'd think that at a premium price you'd get premium (or at least adequate) security.


2 comments:

Ted said...

If you give your stove a phone, all it would do is secretly conspire with my car and my A/C to run up my bills. Bad enough that the kids all have phones. Now they want me to pay for the text messages all my appliances send to each other??? Next they'll all want Facebook accounts.

ASM826 said...

You could set up the stove to battle with the HVAC.

"Betcha I can make it 10 degrees hotter in the kitchen."

"Bet you can't."

"Okay, let me use the toaster too, and let's go for it."