Smart Hair Straightener Vulnerability Discovered That Could Set Your House on Fire

July 16, 2019

The convenience of IoT and smart devices attracts us all; however, their creators often overlook resilience to hacking. Once again, researchers have found a way of setting a house on fire, this time simply by hacking a smart hair straightener.

This time, the vulnerable product is the Glamoriser Bluetooth hair straightener.

Hacking Smart Hair Straightener

Researchers from Pen Test Partners have found a way to start a fire via a smart device. This time, they experimented with the Glamoriser smart hair straightener. As reported, an adversary can break into the device mechanism and take control of the product.

As stated in their blog post, Glamoriser hair straighteners have an obvious flaw that allows anyone to connect with the device via Bluetooth. This can let a perpetrator alter the hair straightener’s temperature. If too high, the device can burst into flames.

The product comes with a simple smartphone application that controls the device settings. Upon decompiling the APK, the researchers found that the device logs every activity. A potential attacker can also learn how the BLE commands are sent. Digging further can even enable the attacker to send commands to the straighteners. The researchers have shared technical details about this phenomenon in their blog post.

What’s more troublesome is that the device allows any Bluetooth connection without authentication when turned on. As stated in their blog,

There is no auth on the BLE communications between the device and the phone. Data can be sent to the device at any time as long as it is turned on (via the mains power socket).

The researchers could easily send commands to the device to change temperature and settings.

Device Remains Vulnerable To Low Probability, High Severity Attacks

According to the researchers, the hair straightener accepts Bluetooth connections from any device without authentication. The makers have applied no means of verifying a connection. Thus, anyone within Bluetooth range can meddle with the app.

As there is no pairing or bonding established over BLE when connecting a phone, anyone in range with the app can take control of the straighteners.

This could have been avoided had the devices had some apparent security measures.

This attack requires the hacker to be within Bluetooth range, but it would have been so easy for the manufacturer to include a pairing/bonding function to prevent this. Something as simple as a button to push to put the straighteners in pairing mode would have solved it.

The device enforces certain fundamental limits to avoid obvious damage, such as no response to temperature changes below 50 °C or above 235 °C, or a mandatory sleep after 20 mins. However, a perpetrator can still change these settings to the maximum allowed values.

Furthermore, the device accepts only one phone connection at a time. However, according to the researchers, many customers of these hair straighteners never connect a phone to the product. Thus, their devices remain vulnerable to hacking attacks.

For now, there seems to be no viable security measure to avoid the problem altogether. The entire responsibility lies with the users to remain careful.
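The fix the researchers describe, a button that opens a pairing mode, can be modelled as a small firmware-side gate. The sketch below is an added example, not code from the article, Pen Test Partners or the manufacturer. All names, the 30-second pairing window and the configurable sleep timer are assumptions; only the 50 °C, 235 °C and 20-minute limits come from the article.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define PAIR_WINDOW_S 30u   /* assumed: seconds a button press keeps pairing open */
#define TEMP_MIN_C    50u   /* limits quoted in the article */
#define TEMP_MAX_C    235u
#define SLEEP_MAX_MIN 20u

typedef enum { CMD_OK, CMD_REJECT_UNBONDED, CMD_REJECT_RANGE } cmd_result;

typedef struct {
    uint8_t  bonded_peer[6];   /* identity of the one bonded phone */
    bool     has_bond;
    uint32_t pair_deadline_s;  /* bonding allowed only while now < deadline */
    uint16_t target_temp_c;
    uint8_t  sleep_min;
} straightener;

/* Physical button press: the only way to open the pairing window. */
void button_pressed(straightener *d, uint32_t now_s) {
    d->pair_deadline_s = now_s + PAIR_WINDOW_S;
}

/* A phone asks to bond; accepted only inside the button-opened window. */
bool try_bond(straightener *d, const uint8_t peer[6], uint32_t now_s) {
    if (now_s >= d->pair_deadline_s) return false;
    memcpy(d->bonded_peer, peer, 6);
    d->has_bond = true;
    d->pair_deadline_s = 0;    /* one bond per button press */
    return true;
}

/* Handle a "set temperature / sleep timer" write from a connected peer.
 * The address compare is a stand-in: in real firmware the BLE stack proves
 * the peer's identity through the bonded link's encryption keys. */
cmd_result handle_write(straightener *d, const uint8_t peer[6],
                        uint16_t temp_c, uint8_t sleep_min) {
    if (!d->has_bond || memcmp(d->bonded_peer, peer, 6) != 0)
        return CMD_REJECT_UNBONDED;   /* unknown phone: ignore the command */
    if (temp_c < TEMP_MIN_C || temp_c > TEMP_MAX_C ||
        sleep_min == 0 || sleep_min > SLEEP_MAX_MIN)
        return CMD_REJECT_RANGE;
    d->target_temp_c = temp_c;
    d->sleep_min = sleep_min;
    return CMD_OK;
}
```

With this gate, a device whose owner never pairs a phone ignores every write, which closes the case the researchers highlight.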
