Serviceteam IT Security News

Security researchers have hacked hair straighteners from Glamoriser, according to Pen Test Partners. The UK firm bills itself as the maker of the “world’s first Bluetooth hair straighteners,” devices that users can link to an app so that the owner can set the heat and style settings and switch the straighteners off from within Bluetooth range. 

Researchers found it relatively easy to send malicious Bluetooth commands within range, allowing them to remotely control the hair straighteners. The researchers demonstrated that they could send one of several commands over Bluetooth, lowering the temperature to 122°F and raising it as high as 455°F – higher than paper’s burning point. An attacker could remotely alter and override the temperature of the straighteners and how long they stay on. 

“Hair straighteners can cause house fires and skin burns if not used safely. We’ve shown that we can tamper with the temperature, so even if used safely by the user, a hacker can make them less safe,” the researchers wrote.

“It would have been so easy for the manufacturer to include a pairing/bonding function to prevent this. Something as simple as a button to push to put the straighteners in pairing mode would have solved it. Instead, we now have a method to set fire to houses.”

As the straightener is a Bluetooth device, a malicious actor intending to start a fire would need to be in range to exploit this vulnerability. Lamar Bailey, senior director of security research at Tripwire, said, “the probability of exploration from a hacker is very low, unless you make a sibling or neighbor (if you live in an apartment) mad at you. If you have this device, remember to be nice to anyone who could be within 33 feet of you straightening your hair.”

In order to mitigate the risks of these connected devices being compromised, Ben Goodman, CISSP, senior vice president of global business and corporate development at ForgeRock, said Glamoriser must hold themselves accountable for securely establishing and maintaining the full lifecycle of IoT devices. 

“IoT projects often prioritize connectivity and data consumption and look to security and privacy as afterthoughts. IoT is here to stay and the identities of connected devices, services and users and their associated credentials must be trusted and usable across numerous connected ecosystems to prevent man-in-the-middle as well as other types of attacks.”

Source: Infosecurity Magazine
