Bluetooth Low Energy (BLE) is the go-to protocol for low-powered networking in personal devices, so "smart" sex-toy manufacturers have adopted it -- despite the protocol's many vulnerabilities. That means that hackers can now wander city streets, detecting and compromising sex toys from the sidewalk, in a practice that Pentest Partners' Alex Lomas has dubbed "Screwdriving" (analogous to "Wardriving").
Lomas demonstrated the attack by wandering the streets of Berlin, compromising Lovesense Hush buttplugs. He also demonstrated that he could attack and compromise his father's BLE-enabled hearing aid, controlling what sound was played, allowing him to put voices in his father's head, or selectively alter his hearing.
Paul Di Filippo (previously) points out that he predicted this in his 2007 story Wikiworld, collected in the first Fast Forward anthology.
As it turns out, reverse-engineering the control messages between apps and a number of devices was not terribly difficult—the communications between the apps and the toys were not encrypted and could easily be recorded with a packet capture tool. They could also be replayed by an attacker, since the devices accepted pairing requests without a PIN code—allowing anyone to take over control of them.
The BLE beacons of these devices also make them particularly vulnerable to remote detection. The Hush in particular is vulnerable to tracking, as every Hush has the same Blutooth device name—making it easy to spot one while scanning. Lomas noted that while walking in Berlin recently with a Bluetooth discovery app on his phone, "I was genuinely surprised to see the Hush BLE name, LVS-Z001, pop up."
Screwdriving. Locating and exploiting smart adult toys
[Alex Lomas/Pentest Partners]
“NSFW” doesn’t begin to describe Bluetooth security in sex toys
[Sean Gallagher/Ars Technica]
The United States Internal Revenue Service says it purchased access to a marketing database that offers location data for millions of US cellphones, so the IRS can identify and track persons suspected of tax-related crimes.
Following the discovery and prompting of a security researcher at Awake Security, Google says it has removed 106 malicious Chrome extensions that had 32 million downloads, and which were gathering browsing history and sensitive credentials from users.
Video-calling app Zoom has been on the end of sharp criticism for security weaknesses. In response, they announced today a plan to offer end-to-end encryption for all users, with a trial to begin next month.
Today’s teachers extol the virtues of hands-on learning, the method of helping students, particularly the youngest children, learn through basic doing. From trial-and-error methods to practice honing their emerging skills, youngsters can soak up a world of learning opportunities when their developing minds are unleashed. While the thought of dropping a smartphone or tablet into […]
“The guitar has a kind of grit and excitement possessed by nothing else.” – Brian May If someone was assigned to turn raw sexiness into an actual, physical real-world object, it would have to be a guitar. The sound. The fit. The swagger. The allure. The longing. It’s all right there in 38 inches and […]
There was already enough concern about the healthy state of our drinking water before COVID-19. And while there’s no evidence that the coronavirus has ever been detected in the water supply, the general sense of fear surrounding any type of contamination is obviously at a fever pitch everywhere. Contaminants like lead, chromium, arsenic, copper, mercury, […]