Bluetooth Low Energy (BLE) is the go-to protocol for low-powered networking in personal devices, so "smart" sex-toy manufacturers have adopted it -- despite the protocol's many vulnerabilities. That means that hackers can now wander city streets, detecting and compromising sex toys from the sidewalk, in a practice that Pentest Partners' Alex Lomas has dubbed "Screwdriving" (analogous to "Wardriving").
Lomas demonstrated the attack by wandering the streets of Berlin, compromising Lovesense Hush buttplugs. He also demonstrated that he could attack and compromise his father's BLE-enabled hearing aid, controlling what sound was played, allowing him to put voices in his father's head, or selectively alter his hearing.
Paul Di Filippo (previously) points out that he predicted this in his 2007 story Wikiworld, collected in the first Fast Forward anthology.
As it turns out, reverse-engineering the control messages between apps and a number of devices was not terribly difficult—the communications between the apps and the toys were not encrypted and could easily be recorded with a packet capture tool. They could also be replayed by an attacker, since the devices accepted pairing requests without a PIN code—allowing anyone to take over control of them.
The BLE beacons of these devices also make them particularly vulnerable to remote detection. The Hush in particular is vulnerable to tracking, as every Hush has the same Blutooth device name—making it easy to spot one while scanning. Lomas noted that while walking in Berlin recently with a Bluetooth discovery app on his phone, "I was genuinely surprised to see the Hush BLE name, LVS-Z001, pop up."
Screwdriving. Locating and exploiting smart adult toys
[Alex Lomas/Pentest Partners]
“NSFW” doesn’t begin to describe Bluetooth security in sex toys
[Sean Gallagher/Ars Technica]
“Researchers conclude that Zoom uses non-industry-standard cryptographic techniques with identifiable weaknesses and is not suitable for sensitive communications.”
The suddenly popular videoconferencing app Zoom has issued a patch for a vulnerability in its Windows client that allowed attackers to steal the user’s Windows login credentials from malicious chat links. Hi @zoom_us & @NCSC – here is an example of exploiting the Zoom Windows client using UNC path injection to expose credentials for use […]
Everyone is using Zoom for everything from pandemic family gatherings to A.A. meetings to therapy sessions to teaching college classes, but the app has newly revealed and very concerning security vulnerabilities. The contents of thousands of video calls made on the app Zoom were exposed on the open web, and easily available via common web […]
The last few weeks have given us all a lot to think about. As we watched stores close, Costco lines snake through parking lots and items like hand sanitizer and toilet paper disappear everywhere like they were Lady Gaga tickets, there’s one significant takeaway it’s safe to say we all can agree on. We should […]
Whether it was Bach or Chopin, Ray Charles or Jerry Lee Lewis, Stevie Wonder, Elton John, Alicia Keys or Norah Jones, there was someone whose mastery on the piano made you think, wow, I wish I knew how to do that. It’s a singular, almost timeless skill — and if you love music, there’s no […]
With everything happening now, even the most jaded among us are bound to feel some pangs of anxiety now and again. It’s a crazy time. When we crawl into bed each night, it’s common for our brains to go into overdrive and start thinking — and worrying — about what’s going on and what’s to […]