Enlarge (credit: Michael Ochs Archives/Getty Images)
Technologies such as Bluetooth Low Energy (BLE) have allowed an increasing number of devices to be controlled by mobile devices.

But as Ars has reported in the past, BLE devices also can be a privacy and security risk.

And as Alex Lomas of Pentest Partners found recently, some of these vulnerable devices are of a very personal nature. Lomas discovered that he could relatively easily search for and hijack BLE-enabled sex toys—a pursuit he named “screwdriving” (after the Wi-Fi network finding practice of “wardriving”).

Lomas performed a security analysis on a number of BLE-enabled sex toys, including the Lovesense Hush—a BLE-connected butt plug designed to allow control by the owner’s smartphone or remotely from a partner’s phone via the device’s mobile application. Using a Bluetooth “dongle” and antenna, Lomas was able to intercept and capture the BLE transmissions between the devices and their associated applications.
As it turns out, reverse-engineering the control messages between apps and a number of devices was not terribly difficult—the communications between the apps and the toys were not encrypted and could easily be recorded with a packet capture tool.

They could also be replayed by an attacker, since the devices accepted pairing requests without a PIN code—allowing anyone to take over control of them.
Read 2 remaining paragraphs

Leave a Reply