Half Baked IoT Stove Could Be Used As A Remote Controlled Arson Device

[Pen Test Partners] have found some really scary vulnerabilities in AGA range cookers. They are connected by SMS by which a mobile app sends an unauthenticated SMS to the AGA to give it commands for instance preheat the oven, You can also just tell your AGA to turn everything on at once.

The problem is with the web interface; it allows an attacker to check if a user’s cell phone is already registered, allowing for a slow but effective enumeration attack. Once the attacker finds a registered device, all they need to do is send an SMS, as messages are not authenticated by the cooker, neither is the SIM card set up to send the messages validated when registered.

This is quite disturbing, What if someone left a tea towel on the hob or some other flammable material before leaving for work, only to come back to a pile of ashes?  This is a six-gazillion BTU stove and oven, after all. It just seems the more connected we are in this digital age the more we end up vulnerable to attacks, companies seem too busy trying to push their products out the door to do simple security checks.

Before disclosing the vulnerability, [Pen Test Partners] tried to contact AGA through Twitter and ended up being blocked. They phoned around trying to get in contact with someone who even knew what IoT or security meant. This took some time but finally they managed to get through to someone from the technical support. Hopefully AGA will roll out some updates soon. The company’s reluctance to do something about this security issue does highlight how sometimes disclosure may not be enough.

[Via Pen Test Partners]

Pressure-formed Parabolic Mirror from a Mylar Blanket

Parabolic reflectors are pretty handy devices. Whether you’re building a microwave antenna or a long-distance directional microphone, suitable commercial dishes aren’t that hard to come by. But a big, shiny mirror for your solar death-ray needs is another matter, which is where this pressure-formed space blanket mirror might come in handy.

Pressure-forming was a great choice for [NighthawkInLight]’s mirror. We’ve covered pressure-formed plastic domes before, and this process is similar. A sheet of PVC with a recessed air fitting forms the platen. The metallized Mylar space blanket, stretched across a wooden frame to pull out the wrinkles and folds, is applied to a circle of epoxy on the platen. After curing, a few puffs with a bicycle tire pump forms the curve and stretches the film even smoother. [NighthawkInLight]’s first attempt at supporting the film with spray foam insulation was a bust, but the later attempt with fiberglass mesh worked great. A little edge support for the resulting shiny taco shell and the mirror was capable of the required degree of destructive potential.

We doubt this process can be optimized enough to produce astronomy-grade mirrors for visible light, but it still has a lot of potential applications. Maybe a fiberglass radio astronomy dish could be pressure-formed directly with a rig like this?

Brewing Beer with a Sous Vide Cooker

[Ken] found an interesting use for his sous vide cooker. He’s been using it to help him with his home brewing. It’s unlikely that the manufacturer ever intended it to be used in this manner, but as hackers we don’t really care about warranties.

Beer brewing is as much of an art as it is a science. There are a lot of variables that go into the process, and tweaking any one of them can result in your beer tasting different. There is one process during brewing that is called mashing. Mashing is when you soak malted grains in hot water to pull out the sugar. The amount of sugar that gets extracted is very dependent on how long the grains are soaked, and the temperature of the water. If you want your beer to taste a certain way, then you want to ensure that the water stays at constant, repeatable temperature.

As a home brewer, [Ken] has been using his stove top to heat the water. This gets the water warm, but in order to keep the temperature consistent, he has to constantly monitor the temperature and adjust the knob accordingly. Who wants to sit around and do that all day? He needed something to control the temperature automatically. Enter the sous vide cooker.

Sous vide is a method of cooking in which food is placed into an airtight bag and then submerged in a water bath with very strict temperature control. The process takes a long time to cook the food, but the result is supposed to be meat that is cooked perfectly even while also retaining all of the moisture and juices. [Ken] figured he might be able to use a sous vide cooker to control the temperature of the mash instead of a water bath.

His experiment worked wonderfully. He used the stove top to help get the mash up to the close temperature, then the sous vide cooker was used to fine tune things from there. [Ken] says he was able to achieve 75% efficiency with his mash, which is exactly what he was going for. Continue reading “Brewing Beer with a Sous Vide Cooker”