Advertise with my Blog

pen test partners

‘World’s first Bluetooth hair straighteners’ can be easily hacked

‘World’s first Bluetooth hair straighteners’ can be easily hacked

July 11, 2019

Here’s a thing that should have never been a thing: Bluetooth-connected hair straighteners.

Glamoriser, a U.K. firm that bills itself as the maker of the “world’s first Bluetooth hair straighteners,” allows users to link the device to an app, which lets the owner set certain heat and style settings. The app can also be used to remotely switch off the straighteners within Bluetooth range.

Big problem, though. These straighteners can be hacked.

Security researchers at Pen Test Partners bought a pair and tested them out. They found that it was easy to send malicious Bluetooth commands within range to remotely control an owner’s straighteners.

The researchers demonstrated that they could send one of several commands over Bluetooth, such as the upper and lower temperature limit of the device — 122°F and 455°F respectively — as well as the shut-down time. Because the straighteners have no authentication, an attacker can remotely alter and override the temperature of the straighteners and how long they stay on — up to a limit of 20 minutes.

“As there is no pairing or bonding established over [Bluetooth] when connecting a phone, anyone in range with the app can take control of the straighteners,” said Stuart Kennedy in his blog post, shared first with TechCrunch.

There is a caveat, said Kennedy. The straighteners only allow one concurrent connection. If the owner hasn’t connected their phone or they go out of range, only then can an attacker target the device.

Here at TechCrunch we’re all for setting things on fire “for journalism,” but in this case the numbers speak for themselves. If, per the researchers’ findings, the straighteners could be overridden to the maximum temperature of 455°F at the timeout of 20 minutes, that’s setting up a prime condition for a fire — or …

Read More
Advertise with my Blog