Here's some news that might curl your hair: A pen testing firm has disclosed a vulnerability in the Glamoriser smart hair straightener that could allow attackers to easy gain control of the device and perhaps create a fire hazard.
The problem involves the Bluetooth Low Energy connection that the straightener uses to communicate with mobile devices running the product's official mobile device app. Because is no secure pairing or bonding process, hackers within Bluetooth range could take over the device with their own phones, warns the UK firm Pen Test Partners in a blog post today.
"There is no auth on the BLE communications between the device and the phone. Data can be sent to the device at any time as long as it is turned on (via the mains power socket)," the blog post states. "Something as simple as a button to push to put the straighteners in pairing mode would have solved it," the report later states.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.