Weekly Threat News: 12th July, 2019

Weekly Threat News: 12th July, 2019
Userlevel 7
Badge +48
Our favorite Senior Threat Researcher, @FredFunk, is back this week with another roundup of all the the cybersecurity stories you may or may not have heard of.

Oh, and if you missed the #LifeatWebroot feature about Kelvin, be sure to check it out.

Weaponised Hair Straighteners?

Smart toilets, smart juicers, smart salt shakers and now…..smart hair straighteners. Devices made “smart” for dumb reasons in dumb ways. “The Glamoriser” is the “world’s first Bluetooth straightener” and lets users control some of its features from their phone via an app.

The Glamoriser

...and it's app interface

The app connects to your phone via Bluetooth and the clever people over at Pen Test Partners have realized that there are weaknesses in the security of this communication implementation. Anyone in Bluetooth range of the device can hack it once the original owner has stepped out of range. Once hacked the sleep time and max temperature of the device can be tampered with and could easily be maliciously changed to likely start fires.

“A little research online revealed a UK fire service quoted that up to 650,000 house fires have been caused across the UK by straighteners. Apparently one in three hair straightener users have burnt themselves!”

If you are buying a device and it’s online in anyway take a moment to think about whether it’s really necessary. If it’s not then my advice would be to not buy. Despite looming legislation in a lot of countries, IoT devices are still a minefield of bad security and can act as a backdoor for hackers to compromise your home or business networks. If you are buying a smart or connected device then find out what kind of reputation the manufacturer has and what assurances can be given about its security.

More from PTP

Record Breaking GDPR (inspired) Fine Handed to British Airways

In June 2018 British Airways suffered a bad data breach. Names, email addresses and credit card information of some half a million customers was stolen when attackers hacked the BA site. Details of the hack are open to speculation but whatever went down didn’t please the (British) Information Commissioner's Office who accused BA of poor security arrangements.

If this sentence was carried out last year BA would have got a slap on the wrist. However since the ICO changed their fine limit this year to a maximum of 4% of annual turnover, BA ended up paying £183m sterling. It’s harsh by all previous standards but “…then again it could have been worse: the full 4% of turnover would have meant a fine approaching £500m.”

More from BBC

Marriott Breach UK Fine Announced

In similar news the same U.K. data protection authority said it will serve hotel giant Marriott with a £99 million ($123 million) fine for a data breach that exposed up to 383 million guests. Both BA and Marriott have time to make appeals.

More from Techcrunch

0 replies

Be the first to reply!