‘World’s first Bluetooth hair straighteners’ can be easily hacked
Here’s a thing that should have never been a thing: Bluetooth-connected hair straighteners.
Glamoriser, a U.K. firm that bills itself as the maker of the “world’s first Bluetooth hair straighteners,” allows users to link the device to an app, which lets the owner set certain heat and style settings. The app can also be used to remotely switch off the straighteners within Bluetooth range.
Big problem, though. These straighteners can be hacked.
Security researchers at Pen Test Partners bought a pair and tested them out. They found that it was easy to send malicious Bluetooth commands within range to remotely control an owner’s straighteners.
The researchers demonstrated that they could send one of several commands over Bluetooth, such as the upper and lower temperature limit of the device — 122°F and 455°F respectively — as well as the shut-down time. Because the straighteners have no authentication, an attacker can remotely alter and override the temperature of the straighteners and how long they stay on — up to a limit of 20 minutes.
“As there is no pairing or bonding established over [Bluetooth] when connecting a phone, anyone in range with the app can take control of the straighteners,” stated Stuart Kennedy in his blog post, shared first with TechCrunch.
There is a caveat, said Kennedy. The straighteners only allow one concurrent connection. If the owner hasn’t connected their phone or they go out of range, only then can an attacker target the device.
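A device-side sketch of the check the researchers found missing, added here as an example; it is not Glamoriser's firmware or Pen Test Partners' code. The command names, structs and status codes are hypothetical, and only the temperature and shut-off limits come from the article.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Limits reported in the article. */
#define TEMP_MIN_F      122
#define TEMP_MAX_F      455
#define SHUTOFF_MAX_MIN 20

/* Hypothetical command set modelled on the settings the article lists. */
enum cmd { CMD_SET_LOWER_TEMP, CMD_SET_UPPER_TEMP, CMD_SET_SHUTOFF };
enum status { ST_OK, ST_REJECT_UNAUTHENTICATED, ST_REJECT_RANGE, ST_REJECT_UNKNOWN };
/* Hypothetical view of the link state a BLE stack reports per connection. */
struct link { bool bonded; bool encrypted; };
struct settings { uint16_t lower_f, upper_f; uint8_t shutoff_min; };

/* Apply a settings write only on a bonded, encrypted link and only if the
 * value is within limits; on rejection the settings are left unchanged. */
enum status handle_write(const struct link *l, struct settings *s,
                         enum cmd c, uint16_t value)
{
    if (!l->bonded || !l->encrypted)
        return ST_REJECT_UNAUTHENTICATED;
    switch (c) {
    case CMD_SET_LOWER_TEMP:
        if (value < TEMP_MIN_F || value > s->upper_f) return ST_REJECT_RANGE;
        s->lower_f = value;
        return ST_OK;
    case CMD_SET_UPPER_TEMP:
        if (value > TEMP_MAX_F || value < s->lower_f) return ST_REJECT_RANGE;
        s->upper_f = value;
        return ST_OK;
    case CMD_SET_SHUTOFF:
        if (value == 0 || value > SHUTOFF_MAX_MIN) return ST_REJECT_RANGE;
        s->shutoff_min = (uint8_t)value;
        return ST_OK;
    }
    return ST_REJECT_UNKNOWN;
}

int main(void)
{
    struct link stranger = { false, false };  /* app in range, never paired */
    struct link owner    = { true,  true  };  /* bonded owner phone */
    struct settings s = { 300, 400, 10 };     /* constructed sample state */
    printf("stranger: %d\n", handle_write(&stranger, &s, CMD_SET_UPPER_TEMP, 455));
    printf("owner:    %d\n", handle_write(&owner, &s, CMD_SET_UPPER_TEMP, 455));
    return 0;
}
```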
Here at TechCrunch we’re all for setting things on fire “for journalism,” but in this case the numbers speak for themselves. If, per the researchers’ findings, the straighteners could be overridden to the maximum temperature of 455°F at the timeout of 20 minutes, that’s setting up a prime condition for a fire — or at very least burn damage.
It’s estimated that as many as 650,000 house fires in the U.K. are caused by hair straighteners and curling irons left on. In some cases it can take more than a half-hour for these heated devices to cool down to safe levels. U.K. fire and rescue services have called on owners to physically pull the plug on their devices to prevent fires and damage.
Glamoriser did not respond to a request for comment prior to publication. The app hasn’t been updated since June 2018, suggesting a fix has yet to be put in place.