Security researchers with Pen Test Partners have discovered a vulnerability in the Lovense Hush sex toys, an IoT-enabled butt plug. The recent discovery that internet connected sex toys have major security and privacy flaws should come as no shock but this does raise the issue of how to both satisfy the consumer’s needs while providing maximum protection.  T

by Vít Šembera (Cyber Threat Researcher) BlueBorne is a set of vulnerabilities affecting the implementation of Bluetooth in iOS, Android, Linux, Windows and Mac OS* devices. According to the researchers who uncovered them, BlueBorne affects around 5.3 billion Bluetooth-enabled devices. The immediate mitigation for BlueBorne is to patch the device, if there’s

This blog has featured several stories about “overlay” card and PIN skimmers made to be placed atop Ingenico-brand card readers at store self-checkout lanes. I’m revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, a

Most users take Bluetooth security for granted. When you’re enjoying the convenience of hands-free phone conversations, streaming podcasts in your car or jogging with your awesome new wireless headphones, do you need to worry about whether the communication channel is secure or not? What’s acceptable for consumers may not meet corporate standards

This blog has featured several stories about payment card skimming devices designed to be placed over top of credit card terminals in self-checkout lanes at grocery stores and other retailers. Many readers have asked for more details about the electronics that power these so-called “overlay” skimmers. Here’s a look at one overlay skimmer  e

Crooks who deploy skimming devices made to steal payment card details from fuel station pumps don’t just target filling stations at random: They tend to focus on those that neglect to deploy various tools designed to minimize such scams, including security cameras, non-standard pump locks and tamper-proof security tape. But don’t take my word for

Internal workshops are one of the reoccurring events at ERNW, that help us to gain knowledge in areas outside our usual expertise. One of the recent workshops which happened during the week from August 22nd-25th was Hardware Hacking. Held by Brian Butterly (@BadgeWizard) and Dominic Spill (@dominicgs), this workshop took place in two parts. Brian kickstarted

Security Researchers demonstrated at the Def Con hacker conference how it is easy to open some Bluetooth-based smart locks. Last week security researchers Ben Ramsey and Anthony Rose of Merculite Security demonstrated at the Def Con conference how it is easy to open some Bluetooth-based smart locks. The duo analyzed 16 smart locks from companies such as Ceom

A security researcher has developed a method by which one can exploit a vulnerability in FitBit fitness trackers and subsequently deliver malware to the target device in 10 seconds.FitBit (Source: PCMag)Axelle Apvrille (@cryptax), a malware researcher at network security firm Fortinet, has found that FitBit wearables are open on their Bluetooth ports, a prop

-Sept. 9, 12:30 p.m. CT, Yucatan Peninsula, Mexico: Halfway down the southbound four-lane highway from Cancun to the ancient ruins in Tulum, traffic inexplicably slowed to a halt. There was some sort of checkpoint ahead by the Mexican Federal Police. I began to wonder whether it was a good idea to have brought along the ATM skimmer instead of leaving it in t

BTCrawler is an application used to to discover Bluetooth devices and the services they provide, it is useful if you wish to know which Bluetooth enabled devices are in your proximity for debugging, spying, curiosity or any other purpose.With this program you’ll be even able to find every service provided by those devices and to list all its Bluetooth

Today, finally my ubertooth arrived and I immediately started hacking with it. I installed its libraries and tools both on OS X and on my Linux virtual machine, and after a while I noticed a few things: The compilation process is not well documented for newer versions of OS X, thus manual code patching here and there is required. Some of the tools are o

BlueScan is a BASH script that acts as a Bluetooth device scanner. It’s a tool designed to detect Bluetooth devices within the radio range of your system and extract as much information as possible from the devices without the requirement to pair.The tool works unobtrusively, ie without establishing a connection to the devices found and undetected. No

BlueMaho is GUI-shell (interface) for a suite of tools best used for Bluetooth security testing. It is freeware, opensource, written on python, uses wxPython. It can be used for testing BT-devices for known vulnerabilities and major thing to do – testing to find unknown vulns. Also it can form nice statistics.I did get interested in Bluetooth for a whi

Security experts at BitDefender demonstrated how is possible to access data exchanged between a smartwatch and a smartphone via Bluetooth. The paradigm of Internet of Things is influencing modern society and the way it approaches the technology in everyday life. An impressive amount of Intelligent devices surround us, but of