back to article Half-baked security: Hackers can hijack your smart Aga oven 'with a text message'

Miscreants can remotely turn off and on posh Aga ovens via unauthenticated text messages, security researchers have warned. All the hijackers need is the phone numbers of the appliances. The vulnerable iTotal Control models of the upmarket cookers contain a SIM card and radio tech that connects to mobile phone networks. This …

  1. Marketing Hack Silver badge
    Flame

    Can you control the oven temperature?

    Or is this one of the leet ovens that doesn't have temp controls?

  2. Richard 12 Silver badge

    Re: Can you control the oven temperature?

    Agas are the worst oven known to man. Incredibly inefficient unless you also need to heat the room all day.

    The temperature is pre-set during installation and cannot be changed.

    On/Off is all you get on an electric, and the gas ones don't even have an indicator to say that they are burning.

    Stayed at a place that has a gas one. It went out one day, we didn't realise until it was too late for it to warm up for dinner.

    So we went to the pub.

  3. Anonymous Coward
    Anonymous Coward

    Re: Can you control the oven temperature?

    AGA are in a mess. I interviewed there last year and even the short time I was in the office it was clear they were struggling for lack of direction, being beholden to a cabal of long-time employees so set in their ways that any innovation is fought against.

    They also made their receptionist redundant and installed a phone in the 'air lock' entrance to replace her.

    I don't blame them for trying new things. They are going to have to do a lot better though.

  4. Colin Bull 1
    Flame

    Incredibly inefficient - not

    We have a circa 1950 Rayburn version of the AGA. It was solid fuel but converted to oil. It heats a > 400 year 3 bed house and provides hot water for less than £500 a year. Not on all day. We once left a roast lamb dinner it it when we went to a beer festival. We were 3 hours late home and the lamb was delicious. If they are used properly can be a great asset.

  5. Tom 7 Silver badge

    Re: Incredibly inefficient - not

    We have a similar age aga that runs on oil and it sits there for maybe half the year heating the house and water. Its never turned off or down over the 'winter' period. I dare say you can get something a bit more efficient but no-where near as nice. And the food that comes out of it is extraordinary and modern 'smart' agas dont come close. It has two ovens and you can put a chicken carcass for stock in the 'cool' oven and take it out three days later and the stock is unbelievable. I have looked into the idea of seeing if it can be converted to rape seed but Aga are so up their own arses these days I'm not going to make their fortune for them.

  6. Kane Silver badge

    Re: Incredibly inefficient - not

    "We once left a roast lamb dinner it it when we went to a beer festival. We were 3 hours late home and the lamb was delicious."

    Is that because of the beer, or the Aga?

  7. Doctor Syntax Silver badge

    Re: Can you control the oven temperature?

    "So we went to the pub."

    Usually the best solution.

  8. Roland6 Silver badge

    Re: Can you control the oven temperature?

    >On/Off is all you get on an electric, and the gas ones don't even have an indicator to say that they are burning.

    Proper Aga's only use solid fuel (okay oil is an acceptable alternative if you've not got a decent supply of coal or tarred wood ie. ancient railway sleepers) - never really saw the point of the electric or gas Aga.

  9. Anonymous Coward
    Anonymous Coward

    Re: Can you control the oven temperature?

    Agas are the worst oven known to man. Incredibly inefficient unless you also need to heat the room all day. The temperature is pre-set during installation and cannot be changed. On/Off is all you get on an electric, and the gas ones don't even have an indicator to say that they are burning. Stayed at a place that has a gas one. It went out one day, we didn't realise until it was too late for it to warm up for dinner.

    So we went to the pub.

    Actually the Total Control is the Electric model that you can switch individual ovens on and it doesn't have to be on all day you had a timer you could set. I looked at one for my house before I moved in and decided against it because despite my estate agent saying they raised the value of the house - the space I had to put it in wasn't really large enough. If you live in a large house they're actually quite good because they really do heat the room and reduce the need to have a radiator in the kitchen. I went to a cooking demonstration for AGA and saw how to cook on one despite not actually buying one for myself in the end. You can dry clothes on them, do a wicked toasted sandwich on top (with some silicone paper) and the best cake I've ever cooked was done in an AGA. You can alter the temperature (on an Oil and Gas ones as my mum and sister have them*) but you're supposed to use different ovens and positions within the oven to cook. *They were in the houses when they moved in they didn't have them put in. Also it will carbonise food left in there and I've seen some beautiful examples of bread that looked exactly the same as when it went in to the oven just now carbon black and shiny.

    Still a bit of a shocker to find that someone can turn on your oven whilst you're out if you went for the connected model. I can think of ways to mitigate this even if you did go with the SMS option and not a more secure wifi option. Not even sure this counts as coming under the IOT banner because it's using SMS.

  10. fidodogbreath Silver badge

    Re: Can you control the oven temperature?

    They also made their receptionist redundant and installed a phone in the 'air lock' entrance to replace her.

    If you know the phone number, you can probably open the airlock by SMS.

  11. N2 Silver badge

    Re: Incredibly inefficient - not

    Agreed,

    Our Rayburn uses wod & works superbly well, heating water by convection.

    So if the Russians cut off the gas & theres a power cut, it continues to heat the house, water & cook.

  12. bjr

    Re: Incredibly inefficient - not

    I'm confused. Are you saying that in Britain it's common to heat a house with a kitchen stove? In the US we haven't done that since the 19th century, we have proper furnaces that heat the house and kitchen stoves or ovens that are designed to cook dinner, they don't heat the kitchen let alone the house.

  13. John Brown (no body) Silver badge

    Re: Incredibly inefficient - not

    "I'm confused. Are you saying that in Britain it's common to heat a house with a kitchen stove?"

    No, we don't. In some circumstances, they might still do that but they are either years old (there's really nothing in them the break) or are bought by people with a big kitchen and plenty of cash mainly for a bit of that Olde Worlde look. A bit like those of you in the colonies who still like the old fashioned 1950's look refrigerator or other kitchen appliances.

    But wait! You have a whole furnace to heat your house? What is it? A 10 bedroom mansion? Do you employ your own stoker to shovel the coal in?

    Most people in the UK have a fairly small gas powered combi boiler that does heating and "instant" hot water that's about the size of a medium suit case.

  14. Thrudd

    Re: Incredibly inefficient - not

    Radiant heating is the exception and not the norm in the Americas and electric is more common than water for those that do.

    Central forced air is the default here and by mansions you mean three to four bedrooms in a household with weather below freezing for at least 4 months of the year, then yes.

  15. Anonymous Coward
    Anonymous Coward

    iTotal Control!

    ...rolling on the floor, laughing.

  16. dbtx Bronze badge

    the bruised and bloodied optimist in me says "maybe someone will learn from this example" but he is also learning-- slowly

  17. Number6

    I had a WTF? moment reading the headline, which only got worse when I read the article. Why would anyone want to remotely control an Aga? Or isn't it a 'proper' oven, just a designer look-alike?

  18. MyffyW Silver badge
    Coat

    My thought entirely @Number6 - if one is so luddite-minded as to have a 19th century oven, why would one want to embugger it with a late-20th century innovation such as SMS-based remote control?

    The only explanation is we have hit upon a new trope following steam-punk, diesel-punk etc. I'm getting my coat - the one without the lace-up corset.

  19. Warm Braw Silver badge

    Why would anyone want to remotely control an Aga?

    It's been a bugger getting the staff, ever since the Great War...

  20. phuzz Silver badge

    I assume, so that you can turn the oven on before you get home, so it's warmed up to temperature, ready for the roast duck you're cooking (or whatever one cooks in one's Aga).

  21. Roland6 Silver badge

    >I assume, so that you can turn the oven on before you get home, so it's warmed up to temperature

    With a real Aga, best to turn it on before you leave for work in the morning...

    But then,, just like preserved steam engines, they don't like being hot/cold cycled too often...

  22. Tikimon Silver badge
    WTF?

    How long is the effing preheat cycle?!?

    How may days' lead time does one need to preheat these things that a remote-start is useful? My not-expensive electric oven heats up in ten minutes. Does anyone really come home and race into the kitchen to immediately throw a fully-prepared dish in the oven? Who really lives by such tight time margins?

    Another product in desperate need of a purpose. I shorely wish people would design things we actually need instead of questionable excuses to bolt on some electronics and internet connection...

  23. Loud Speaker Bronze badge

    whatever one cooks in one's Aga

    Peasants or pheasants - depends on your social class.

  24. Anonymous Coward
    Anonymous Coward

    Agreed.

    When they can program:

    "fetch the peas from the pantry, open the tin, put them in the pan, put the pan on the stove, light it at a medium heat and throw away the old can in the correct bin" into a SMS, I'll be impressed.

  25. Anonymous Coward
    Anonymous Coward

    so much automation

    I can set the washing machine going before leaving work, turn on the cooker, the fridge re-filled itself from Amazon direct and the Rhumba cleaned the floor..... why do i need to go home? i can stay at the coal face for a few more hours earning that state pension that wont be there when i retire.

    I know people do have reasons for iOt stuff but who is so busy that they need to turn the oven on before they get home. I was told as a child NOT to leave the oven/cooker on when no-one was home.

  26. Big John Silver badge

    Re: so much automation

    And why hasn't this caught the attention of the home insurance industry? Won't they want to know that ovens are running hot in empty houses?

    Also consider someone putting a roast in there and leaving it all day before it cooks. Aging beef is fine, but not at room temperature!

  27. Richard 12 Silver badge

    Re: so much automation

    A "normal" Aga is never off.

    Presumably they realised that might be bad for home users gas or electric bills, and isn't energy-efficient in any sense of the word.

    Horrible things.

  28. Michael H.F. Wilkinson Silver badge

    Re: so much automation

    Call me mad (or luddite), but I actually prefer being home when something is in the oven, just to keep an eye on things (and occasionally baste things for that crispy skin on chicken, and leg of boar glazed with home-made apple treacle is truly great). I could use the timer on my SMEG oven quite nicely, although that does not cope well with sudden changes to plans. Therefore, I much prefer turning it on when I get home. It takes just shy of 10 minutes to get to its highest working temperature (it also has two ovens in which I can control temperature independently), so I really, really do not see the need of remote control. The ten minutes warm-up time are readily filled with laying table, chopping vegetables, relaxing after work with a beer, or even talking to members of the family.

    I have nothing fundamentally against remote control, but to implement it in this terrible way is mindboggling.

  29. Prst. V.Jeltz Silver badge

    Re: so much automation

    I'd have thought the main advantage of this newfanglry is that finally you can do something about the nagging

    "did i leave the oven on?" feeling , and turn it OFF

  30. Loud Speaker Bronze badge

    Re: so much automation

    I actually prefer being home when something is in the oven, just to keep an eye on things

    In the 17th century, when these things were invented, you had servants to do that. These days, we have teleworking, so you can do it yourself.

  31. FozzyBear Silver badge

    El Reg asked Aga if it was going to take this advice, and we've yet to get a substantive response.

    Sorry El Reg they are currently busy speaking with the fire department after a number of their new, totally cool (or should that be hot), remote controlled ovens spontaneously caught fire

  32. Brian Miller Silver badge

    Use a clock timer

    The only secure way for this to work is simply to use a clock timer. Set the clock time, and then set the time for when you'd like the Aga to start heating. Done.

  33. allthecoolshortnamesweretaken Silver badge

    Re: Use a clock timer

    Set it and forget it!

  34. Anonymous Coward
    Anonymous Coward

    AGA do

    AGA dont

  35. PNGuinn Silver badge
    Coat

    Re: AGA do

    AGA Can't.

    Well, somebody had to.

  36. Anonymous Coward
    Anonymous Coward

    Re: AGA do

    Push pineapple. Write CV.

    ...

    Sorry. Really sorry. But you started it.

  37. Commswonk Silver badge

    Re: AGA do

    @ PNGuinn:

    AGA Can't.

    Well, somebody had to.

    I was going to until I saw that you had beaten me to it.

    But I was going to say "AGA Khan't".

  38. Kubla Cant

    Re: AGA do

    But I was going to say "AGA Khan't"

    Hey! That's my pun!

  39. Stoneshop Silver badge
    Flame

    Not even half-baked security

    Let's hope the developers get roasted (but I'm not holding my breath)

  40. T. F. M. Reader Silver badge

    Re: Not even half-baked security

    s/developers/product managers/ ?

  41. PTW
    FAIL

    True Sloane Range-r

    First thought was why and how do you i-control something that takes a day to get to working temperature? Then I read it's electric, and thought ouch that's going to cost a bit to leave running 24/7 but still Agas don't really have a 'stat as such.*

    Then I see it draws 30A, so basically a very f@#cking heavy, and enormously expensive cast iron shell around an electric oven for the Chelsea Tractor driving mummies "in town" so they can look the part. Hack away, well text away, my friends, text away!

    *To our friends across the water Agas are traditionally solid fuel or oil, they are cast iron, sectional, built in situ and filled with insulation. With a built-in hot water boiler to use some of the excess heat. The idea being they run at a working temperature 24/7

  42. H in The Hague Silver badge

    Re: True Sloane Range-r

    "Then I see it draws 30A, so basically a very f@#cking heavy,"

    Yup. Though it doesn't draw 30 A continuously. Friends of mine have one in their large old house in Ceredigion, sort of makes sense as it keeps the kitchen (where you spend most of your time) warm in winter. When they bought a house in The Hague they wanted to get an Aga there too - until I did a few calculations on the back of an envelope and pointed out that the standing losses of the Aga would be seven times the power consumption for my whole house. Aga: great when and where it was invented (cold Sweden) but no longer relevant for most of us. Though reasonably nice to cook with once you get used to it.

  43. Tom 7 Silver badge

    Re: True Sloane Range-r

    I think one of the thing people dont seem to realise about the permanently on aga is it is nowhere near as inefficient as people make out. If its properly looked after (the internal insulation needs checking every few years or so) it will just sit quietly in the corner keeping your house warm. Not hot - with an aga you can get by with it several degrees cooler as one its up and running and temperatures are stable you dont have the cold wall heat sinks that you get with a normal on-off heating system so it actually feels warmer than it is. We have ours on nearly half the year over winter and it provides us with heating, hot water and cooking over the coldest part of the year for pretty much the same oil use as our high-efficiency boiler provides hot water and add-lib heating the rest of the year.

  44. phuzz Silver badge
    Flame

    Re: True Sloane Range-r

    We used to have a cheap Aga-like oven in the house where I grew up, although this was a solid fuel (ie wood and coal) fired one. During the winter we had to keep it burning constantly, because it was the only source of heat in the whole house, even in the UK, there's a risk of freezing to death if you have no heating during a cold snap.

    There's also another use for an Aga that no one has mentioned. They typically have several doors, opening on compartments at different temperatures, one of which is around 30-40C (I guess it's supposed to be for warming one's plates or somesuch). Farmers use this to incubate lambs that have been abandoned by their mothers. Maybe you own a jumper that started it's life snuggled inside an Aga?

  45. Roland6 Silver badge

    Re: True Sloane Range-r

    >Not hot - with an aga you can get by with it several degrees cooler as one its up and running and temperatures are stable you dont have the cold wall heat sinks that you get with a normal on-off heating system so it actually feels warmer than it is.

    The problem is that you do need a house with sufficient thermal mass in the right place, namely an internal wall and chimney stack, so the Aga can heat it up - something missing in the vast majority of modern houses (ie. post-WWII). Interestingly, if you go off grid and seriously look at alternative energy/zero carbon houses, you discover that thermal mass is a handy thing to have.

  46. Anonymous Coward
    Anonymous Coward

    Re: True Sloane Range-r

    I used to sell them (I got a better job and left with no hard feelings) and I really liked the way it cooked food. |Couldn't afford one myself but they are definitely a status symbol. My American friends all asked if I could get them a discount because they all wanted one. You don't have to leave the Total Control on all day you can program it with timer and have it come on when you get home or have it on half temp during the day. Never heard of the iTotal Control though must have come in well after I left as the Total Control was only being launched just as I was leaving.

  47. allthecoolshortnamesweretaken Silver badge

    Just remember, folks - the "S" in "IoT" is for security.

  48. Lee D Silver badge

    And the H in this instance is for Hydrant?

  49. Dan 55 Silver badge

    Presumably there's no way to fix this other than a recall...

    ... as a software update by concatenating text messages in base64 is a rather expensive option.

  50. PNGuinn Silver badge
    FAIL

    Re: Presumably there's no way to fix this other than a recall...

    Just pull the bloody SIM. Job done.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018