
Beware! Hackers can ruin Easter Sunday Roast!

Your Easter Sunday roast could fall victim to cyber activity.

By Tom Ball

If you own an Aga cooker, and you use an app to remotely control it, hackers could be poised to put a dampener on your long weekend by ruining the Easter Sunday roast.

The security frailties in the app could let a hacker turn off your oven, potentially ruining your hard work, though not in a way that could threaten physical safety. Your personal data, however, could be at risk.

Security weaknesses in the app were discovered by Ken Munro of Pen Test Partners when he was looking to upgrade his own Aga. The app is provided by a third party, and the service is available for the latest Aga models.

The revelations have sparked concern for the makers of the iTotal Control system that Aga have implemented and marketed since 2012.

As reported by the BBC, Mr Munro said: “If you were maliciously motivated, it wouldn’t be very difficult to switch off people’s Agas remotely.” Mr Munro detailed the weak areas: he noticed that SMS messages govern the off and on function, and he found that these are not authenticated by the cooker.

The system also sends email addresses in plain text, which means that there is no form of protection against adversaries that intend to look in and access important personal data.


In addition to this, he found that the SIM card was not configured to validate messages upon registration, leaving another soft area that could be used as an entry point.

This is yet another example of an unassuming, innocent-looking connected appliance in the home, with even a classic-looking Aga cooker turned into a breach point for hackers intending to steal from you.
