Telford-made Agas 'could be vulnerable to hackers'

Aga Rangemaster launched the Telford-made Aga Total Control oven in 2012, allowing users to turn on the new electrical models by using a mobile app.

Ken Munro of London-based cyber security company Pen Test Partners was thinking of upgrading his Aga, but on looking into the performance of the remotely-controlled ovens he found that they could be hacked externally.

Because the systems use text messages to communicate between the app, it means that maliciously-motivated hackers could switch the ovens on and off.

"All you have to do is simply send a text message to the Aga," Mr Munro wrote. "We didn't, but it would be trivial for less ethical culinary threat actors to do so.

"You probably know it takes hours for an Aga to heat up. Switch it off, annoy the hell out of people.

"I suppose it would make my Aga rather more efficient. By never being on."

It could also mean that e-mail addresses which are entered when registering the app could also be exposed to snoopers because of flaws in the system.

Mr Munro also called his attempts to report the issue to Aga "a train wreck", and said the problem was "not acceptable".

In a statement, Aga said it had raised the issues with the app's provider, adding: "Aga Rangemaster operates its Aga TC phone app via a third party service provider.

"Security and account registration also involves our M2M provider.

"We take such issues seriously and have raised them immediately with our service providers so that we can answer in detail the points raised."

The Total Control was one of a run of new products to emerge from the Telford manufacturing plant in the early part of this decade, along with a slimline two-oven model designed to appeal to people living in tighter spaces in London – the Aga City 60.

The company has since been bought out by American company Middleby Corp.