08:55 01 May 2017
Ken Munro of Pen Test Partners was considering buying Aga’s iTotal Control (TC) system when he discovered security issues in the app used to control the oven. The SMS messages the system uses to turn the oven on or off are not authenticated by the cooker and could therefore be exploited by hackers. He also found that the SIM card set up to send the messages is not validated on registration.
In a statement, Aga said: "Aga Rangemaster operates its Aga TC phone app via a third party service provider.
"Security and account registration also involves our [machine to machine] provider.
"We take such issues seriously and have raised them immediately with our service providers so that we can answer in detail the points raised."
Meanwhile, Professor Alan Woodward, a cybersecurity expert at the University of Surrey, said: "It's kind of unacceptable that some random person could just take control of your Aga.
"Will hackers try it? Who knows, but it just shouldn't be possible."