Here’s a thing that should have never been a thing: Bluetooth-connected hair straighteners.
Glamoriser, a U.K. firm that bills itself as the maker of the “world’s first Bluetooth hair straighteners,” allows users to link the device to an app, which lets the owner set certain heat and style settings. The app can also be used to remotely switch off the straighteners within Bluetooth range.
Big problem, though. These straighteners can be hacked.
Security researchers at Pen Test Partners bought a pair and tested them out. They found that it was easy to send malicious Bluetooth commands within range to remotely control an owner’s straighteners.
The researchers demonstrated that they could send one of several commands over Bluetooth, such as the upper and lower temperature limit of the device — 122°F and 455°F respectively — as well as the shut-down time. Because the straighteners have no authentication, an attacker can remotely alter and override the temperature of the straighteners and how long they stay on — up to a limit of 20 minutes.
“As there is no pairing or bonding established over [Bluetooth] when connecting a phone, anyone in range with the app can take control of the straighteners,” said Stuart Kennedy in …read more
Source:: TechCrunch Gadgets
Previous post
Next post