Bluetooth sex toys are trivial to compromise just by walking around neighborhoodsOn October 4, 2017 by Ilene
Bluetooth Low Energy (BLE) is the go-to protocol for low-powered networking in personal devices, so “smart” sex-toy manufacturers have adopted it — despite the protocol’s many vulnerabilities. That means that hackers can now wander city streets, detecting and compromising sex toys from the sidewalk, in a practice that Pentest Partners’ Alex Lomas has dubbed “Screwdriving” (analogous to “Wardriving”).
Lomas demonstrated the attack by wandering the streets of Berlin, compromising Lovesense Hush buttplugs. He also demonstrated that he could attack and compromise his father’s BLE-enabled hearing aid, controlling what sound was played, allowing him to put voices in his father’s head, or selectively alter his hearing.
As it turns out, reverse-engineering the control messages between apps and a number of devices was not terribly difficult—the communications between the apps and the toys were not encrypted and could easily be recorded with a packet capture tool. They could also be replayed by an attacker, since the devices accepted pairing requests without a PIN code—allowing anyone to take over control of them.
The BLE beacons of these devices also make them particularly vulnerable to remote detection. The Hush in particular is vulnerable to tracking, as every Hush has the same Blutooth device name—making it easy to spot one while scanning. Lomas noted that while walking in Berlin recently with a Bluetooth discovery app on his phone, “I was genuinely surprised to see the Hush BLE name, LVS-Z001, pop up.”
Screwdriving. Locating and exploiting smart adult toys
[Alex Lomas/Pentest Partners]
“NSFW” doesn’t begin to describe Bluetooth security in sex toys
[Sean Gallagher/Ars Technica]
Just over a year ago, Yahoo admitted that it had been hacked in 2013, and estimated that 500 million accounts had been compromised (the company blamed state-sponsored actors, and federal prosecutors have indicted two Russian spies for ordering the operation). Now the company has admitted that all three billion of its accounts were affected.
Turns out that the total number of people whose lives Equifax ruined by doxing them and then dumping all their most sensitive personal and financial data is 145,500,000, not 143,000,000. The company’s new CEO apologized for the misunderstanding, and persisted in calling the people his company destroyed “customers” despite the fact that the vast majority […]
Long after Equifax was breached by hackers, but before they told anyone else about it, some of its top execs sold off millions of dollars in stock, getting out before the stock tanked which would be blatantly illegal if the execs in question knew that the company had been breached.