Here’s a thing that should have never been a thing: Bluetooth-connected hair straighteners.
Glamoriser, a U.K. firm that bills itself as the maker of the “world’s first Bluetooth hair straighteners,” allows users to link the device to an app, which lets the owner set certain heat and style settings. The app can also be used to remotely switch off the straighteners within Bluetooth range.
Big problem, though. These straighteners can be hacked.
Security researchers at Pen Test Partners bought a pair and tested them out. They found that it was easy to send malicious Bluetooth commands within range to remotely control an owner’s straighteners.
The researchers demonstrated that they could send one of several commands over Bluetooth, such as the lower and upper temperature limits of the device — 122°F and 455°F respectively — as well as the shut-down time. Because the straighteners have no authentication, an attacker can remotely alter and override the temperature of the straighteners and how long they stay on — up to a limit of 20 minutes.
“As there is no pairing or bonding established over [Bluetooth] when connecting a phone, anyone in range with the app can take control of the straighteners,” said Stuart Kennedy in his blog post, shared first with TechCrunch.
There is a caveat, said Kennedy. The straighteners only allow one concurrent connection. If the owner hasn’t connected their phone or they go out of range, only then can an attacker target the device.
Here at TechCrunch we’re all for setting things on fire “for journalism,” but in this case the numbers speak for themselves. If, per the researchers’ findings, the straighteners could be overridden to the maximum temperature of 455°F at the timeout of 20 minutes, that’s setting up a prime condition for a fire — or …
An influential group of attorneys called the Uniform Law Commission (ULC) will meet in Anchorage in July to debate and vote on model state legislation concerning drones. Thankfully, the ULC has made a great deal of progress since it first considered a one-sided, unworkable, 200-foot “line in the sky” approach last year. The current ULC proposal appropriately balances the rights of property owners with the needs of drone operators to access airspace.
The ULC’s proposal recognizes that the same capabilities that make drones transformative for search and rescue, inspection and logistics can – when misused – challenge the quiet enjoyment of property. If enacted by a state, the law would allow judges to weigh how many times and for how long the drone flew over the property, how low it was flying, why it was flying over the property, whether anyone saw the drone, and the time of day during which the flight occurred, when determining whether a drone has caused “substantial interference” with a property owner’s use and enjoyment of their land.
By giving courts the power to weigh each case on its own merits, the “Tort Law Relating to Drones Act” will allow drone flights for commercial purposes – such as package or medical supply delivery – to continue without fear of frivolous …