Security flaws in Aga’s smart ovens can be exploited via SMS messages. Aga management opted to use a GSM SIM module to control its devices, instead of the classic option of using a Wi-Fi module. There’s no authentication involved with the SMS management commands, meaning anyone could send them, and mess around with people’s “smart”” ovens. The Aga web-based administration panel contains flaws that allow attackers to scrape for all active SIM card numbers assigned to Aga ovens
Source: security