
World's first Bluetooth hair straighteners can be easily hacked

Here's a thing that should have never been a thing: Bluetooth-connected hair straighteners.
Glamoriser, a U.K. firm that bills itself as the maker of the "world's first Bluetooth hair straighteners," allows users to link the device to an app, which lets the owner set certain heat and style settings. The app can also be used to remotely switch off the straighteners within Bluetooth range.
Big problem, though. These straighteners can be hacked.
Security researchers at Pen Test Partners bought a pair and tested them out. They found that it was easy to send malicious Bluetooth commands within range to remotely control an owner's straighteners.
The researchers demonstrated that they could send one of several commands over Bluetooth, such as the upper and lower temperature limit of the device (122F and 455F respectively) as well as the shut-down time. Because the straighteners have no authentication, an attacker can remotely alter and override the temperature of the straighteners and how long they stay on, up to a limit of 20 minutes.
"As there is no pairing or bonding established over [Bluetooth] when connecting a phone, anyone in range with the app can take control of the straighteners," said Stuart Kennedy in his blog post, shared first with TechCrunch.
There is a caveat, said Kennedy. The straighteners only allow one concurrent connection. If the owner hasn't connected their phone or they go out of range, only then can an attacker target the device.
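The missing control described above, sketched as a device-side write handler. This is an added example, not Glamoriser's firmware or code from Pen Test Partners: the opcodes, structs, function names and the 30-second pairing window are assumptions, and only the 122F/455F and 20-minute limits come from the article.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Limits taken from the article; everything else here is hypothetical. */
#define TEMP_MIN_F       122
#define TEMP_MAX_F       455
#define TIMEOUT_MAX_MIN  20
#define PAIR_WINDOW_S    30   /* assumed: pairing allowed 30 s after a button press */

struct link_state { bool encrypted, bonded; };        /* as a BLE stack might report it */
struct device     { uint16_t temp_f; uint8_t timeout_min; };
enum cmd_id       { CMD_SET_TEMP = 1, CMD_SET_TIMEOUT = 2 };  /* made-up opcodes */
enum cmd_result   { CMD_OK, CMD_ERR_UNAUTHORIZED, CMD_ERR_RANGE, CMD_ERR_UNKNOWN };

/* New bonds are only accepted shortly after someone presses a button on the
 * device, so being in radio range is not enough to become a trusted peer. */
bool accept_pairing(uint32_t now_s, uint32_t button_press_s)
{
    return now_s >= button_press_s && now_s - button_press_s <= PAIR_WINDOW_S;
}

/* Handle a write to the (hypothetical) control characteristic. */
enum cmd_result handle_write(const struct link_state *link, struct device *dev,
                             uint8_t id, uint16_t value)
{
    /* Authorization comes before parsing: an unbonded or unencrypted peer
     * cannot change anything, even with values inside the allowed range. */
    if (!link->encrypted || !link->bonded)
        return CMD_ERR_UNAUTHORIZED;

    switch (id) {
    case CMD_SET_TEMP:
        if (value < TEMP_MIN_F || value > TEMP_MAX_F) return CMD_ERR_RANGE;
        dev->temp_f = value;
        return CMD_OK;
    case CMD_SET_TIMEOUT:
        if (value == 0 || value > TIMEOUT_MAX_MIN) return CMD_ERR_RANGE;
        dev->timeout_min = (uint8_t)value;
        return CMD_OK;
    default:
        return CMD_ERR_UNKNOWN;
    }
}

int main(void)
{
    struct device d = { 300, 10 };
    struct link_state stranger = { false, false };   /* constructed sample peer */
    printf("%d\n", handle_write(&stranger, &d, CMD_SET_TEMP, TEMP_MAX_F));
    return 0;
}
```

Range checks alone would not have helped here, since the reported commands stay within the device's own limits; the bonding check is what rejects a stranger in range.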
Here at TechCrunch we're all for setting things on fire "for journalism," but in this case the numbers speak for themselves. If, per the researchers' findings, the straighteners could be overridden to the maximum temperature of 455C at the timeout of 20 minutes, that's setting up a prime condition for a fire or at the very least burn damage.
It's estimated as many as 650,000 house fires in the U.K. are caused by hair straighteners and curling irons left on. In some cases it can take more than a half-hour for these heated devices to cool down to safe levels. U.K. fire and rescue services have called on owners to physically pull the plug on their devices to prevent fires and damage.
Glamoriser did not respond to a request for comment prior to publication. The app hasn't been updated since June 2018, suggesting a fix has yet to be put in place.
