The convenience of IoT and smart devices attracts us all; however, their makers often overlook how well the devices resist being hacked. Once again, researchers have found ways of setting a house on fire – simply by hacking a smart hair straightener.
This time, the vulnerable product is the Glamoriser Bluetooth hair straightener.
Hacking Smart Hair Straightener
Researchers from Pen Test Partners have found a way to start a fire via a smart device. This time, they have experimented with the Glamoriser smart hair straightener. As reported, an adversary can break into the device mechanism and take control of the product.
As stated in their blog post, Glamoriser hair straighteners have an obvious flaw that allows anyone to connect with the device via Bluetooth. This can let a perpetrator alter the hair straightener’s temperature. If too high, the device can burst into flames.
The product comes with a simple smartphone application that controls the device settings. Upon decompiling the APK, the researchers found that the device logs every activity. A potential attacker can also learn how the BLE commands are sent. Digging further can even enable the attacker to send commands to the straighteners. The researchers have shared technical details about this phenomenon in their blog post.
What’s more troublesome is that the device allows any Bluetooth connection without authentication when turned on. As stated in their blog,
There is no auth on the BLE communications between the device and the phone. Data can be sent to the device at any time as long as it is turned on (via the mains power socket).
The researchers could easily send commands to the device to change temperature and settings.
Device Remains Vulnerable To Low Probability, High Severity Attacks
According to the researchers, the hair straightener accepts Bluetooth connections from any device without authentication. The makers have applied no means of verifying a connection. Thus, anyone within Bluetooth range can meddle with the app.
As there is no pairing or bonding established over BLE when connecting a phone, anyone in range with the app can take control of the straighteners.
This could have been avoided had the device included some obvious security measures.
This attack requires the hacker to be within Bluetooth range, but it would have been so easy for the manufacturer to include a pairing/bonding function to prevent this. Something as simple as a button to push to put the straighteners in pairing mode would have solved it.
The device enforces certain fundamental settings to avoid obvious damage, such as ignoring temperature changes below 50 °C or above 235 °C, and a mandatory sleep after 20 minutes. However, a perpetrator can still change these settings to the maximum allowed values.
Furthermore, the device accepts only one phone connection at a time. However, according to the researchers, many customers of these hair straighteners never connect a phone to the product. Thus, their devices remain vulnerable to hacking attacks.
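The pairing-mode button the researchers suggest, combined with the temperature limits described above, can be sketched as device-side logic. This is an added example, not Glamoriser firmware or Pen Test Partners code; the function names, the 30-second pairing window, the bond table size and the 6-byte peer identifier are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Added illustration, not vendor firmware. peer[6] stands in for the identity
 * of a bonded, encrypted link as reported by the BLE stack (assumption). */
#define TEMP_MIN_C 50        /* limits quoted in the article */
#define TEMP_MAX_C 235
#define PAIR_WINDOW_S 30     /* assumed length of the pairing window */
#define MAX_BONDS 2          /* assumed bond table size */

enum result { OK, ERR_NOT_BONDED, ERR_RANGE, ERR_PAIRING_CLOSED, ERR_FULL };

typedef struct {
    uint8_t bonded[MAX_BONDS][6];
    int bond_count;
    uint32_t pair_deadline;  /* 0 = pairing mode closed */
    int target_c;
} straightener_t;

/* Physical button: the only way to open the pairing window. */
void button_pressed(straightener_t *s, uint32_t now) {
    s->pair_deadline = now + PAIR_WINDOW_S;
}

static bool is_bonded(const straightener_t *s, const uint8_t peer[6]) {
    for (int i = 0; i < s->bond_count; i++)
        if (memcmp(s->bonded[i], peer, 6) == 0) return true;
    return false;
}

/* Bonding succeeds only inside the window, which closes after one bond. */
enum result try_bond(straightener_t *s, const uint8_t peer[6], uint32_t now) {
    if (now >= s->pair_deadline) return ERR_PAIRING_CLOSED;
    if (s->bond_count == MAX_BONDS) return ERR_FULL;
    memcpy(s->bonded[s->bond_count++], peer, 6);
    s->pair_deadline = 0;
    return OK;
}

/* Temperature writes: reject unbonded peers first, then enforce the range. */
enum result set_temperature(straightener_t *s, const uint8_t peer[6], int temp_c) {
    if (!is_bonded(s, peer)) return ERR_NOT_BONDED;
    if (temp_c < TEMP_MIN_C || temp_c > TEMP_MAX_C) return ERR_RANGE;
    s->target_c = temp_c;
    return OK;
}
```

On real hardware the bonded check has to rest on the BLE stack's encrypted, bonded link rather than on a bare device address, because an address alone can be spoofed.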
For now, there seems to be no viable security measure to avoid the problem altogether. The entire responsibility lies with the users to remain careful.