Sometimes the “smartest” gadgets come with the shoddiest security.
Alan Monie, a security researcher at U.K. cybersecurity firm Pen Test Partners, bought and tested a pair of Chips 2.0 wireless speakers, built by California-based Outdoor Tech, only to find they’re a security nightmare.
The in-helmet speakers allow users to listen to music on the go, make calls, and talk to your friends through the walkie-talkie — all without having to take your helmet off. The speakers are connected to an app on your phone.
You’re probably thinking: how bad can the security be on a simple-enough ski helmet speakers be?
According to Monie, who wrote up his findings, it’s easy to grab streams of data from the server-side API, used to communicate with the app, such as usernames, email addresses, and phone numbers of anyone with an account. Monie said the API returned scrambled passwords, but that password reset codes were sent in plaintext.
Worse, it’s possible to reveal a user’s precise geolocation, and listen in on anyone’s real-time walkie-talkie conversations.
The only thing worse than the security flaws are the company’s lack of response when Monie reached out to get the issues fixed. After a short email exchange over several days, the company …read more
Source:: TechCrunch Gadgets