Aga security flaw means hackers could ruin your boeuf bourguignon
Hackers are known to have targeted nuclear power stations but could they now interfere with dinner?
By and THE thought of a foreign power sending middle-England into meltdown by hacking into their Agas and ruining their boeuf bourguignon may seem far-fetched.
But owners of the oven – often described as a totemic symbol of country living – have been told that the terrifying prospect is all too possible.
A security expert has warned that Agas are at risk of being turned off and on by computer hackers.
Ken Munro, from Pen Test Partners, which tests technological devices for security weaknesses, has criticised the Swedish firm which makes the Aga over the safety of its range of ovens which can be controlled using an app. He came across what he described as a basic security flaw after deciding to upgrade his own Aga to the app-controlled model, which has been available since 2012.
“I wanted to know more about its security before spending extra on this option,” he said. “We found that even Agas can be hacked. Seriously.”
Each of the £10,000 Total Control Agas is assigned a phone number that receives and responds to commands from the app.
Mr Munro warned someone with “nefarious intentions” could compile a list of all numbers associated with the cookers and start controlling them.
“It takes hours for an Aga to heat up. Switch it off, annoy the hell out of people,” he said.
“They draw around 30 amps in full heat-up mode, so if you could switch enough of them on at once, one could cause power spikes.”
Unlike most smart devices, which connect through the internet, the Aga’s app sends text messages to a SIM card embedded in the ovens. When a user wants to turn their oven on or off they indicate this in the app which then sends a text message to the oven.
Mr Munro criticised the firm for not taking security seriously enough.
The company does not encrypt or verify the messages between its app and cookers, which allowed him to discover the format of the message sent between the two devices.
He said these could be replicated by a hacker and used to control the ovens remotely.
He urged the company to change its system to improve the security by replacing the text messages with secure Wi-Fi communications.
Aga said the system was operated by a separate company and it was looking into the problem.
“We take such issues seriously and have raised them immediately with our service providers so that we can answer in detail the points raised,” a spokesman said.