The issue in relation to hair straighteners is with a product produced by Glamoriser. The company has manufactured what is calling the “world’s first Bluetooth hair straighteners“. Essentially the device is connected to an app, which allows the user to set tailored heat and style settings. The app can also be used to remotely switch off the straighteners.
Should this functionality be appealing, then this is all well and good. However, as TechCrunch reports, there is a vulnerability – the straighteners can be hacked. This issue has been detected by security researchers working at Pen Test Partners. The company purchased a pair of the connected straighteners and examined them. It was established that it was relatively straightforward to send malicious Bluetooth commands when in range. This allows someone else to remotely control any setting on the straighteners. In terms of safety, this includes the ability to alter the upper and lower temperature limit of the device.
Commenting on the flaw, Stuart Kennedy from Pen Test Partners states: “As there is no pairing or bonding established over [Bluetooth] when connecting a phone, anyone in range with the app can take control of the straighteners.”
The issue highlights the risk with many home Internet of Things devices, many of which are prone to hacking. This includes home security cameras, baby monitors, thermostats, and doorbells. Cybercrooks can scan the Internet for poorly protected Internet of Things devices, or be proximity to homes, and use the flaws to alter device settings or for the purposes of extracting data.
In relation, while there were many ways to compromise home devices on the part of hackers, it remains that many smart devices have their default passwords available on the Internet and buyers are not advised, or elect not to, to change default credentials.
