Daily Archives: October 5, 2017

Dutch defence minister and top general step down for munition problem out of their control. How is this taking responsibility?

Posted on by
Reply

Due to an accident caused by a mortar exploding within the launch tube, both the Dutch minister of Defence, Jeanine Hennis-Plasschaert, and commander of the armed forces, Tom Middendorp have both fallen on their swords.

The incident involved the sloppy purchasing of a mortar grenade in 2006 (expedited for the Afghan war), which led to it being used in an unsafe manner. Rapport here

Both people stepping down were obviously nowhere near this purchase in 2006. It was also not their fault that the Ministry of Defence has been woefully underfunded for years. However political responsibility requires that they step down? I don’t really understand this.

The fact is that in a cabinet with jokers, the minister was doing a good job and the only minister in the NL who understands fully the necessity of broad co-operation – not only with NATO – but within the EU. Tom Middendorp is respected by his coalition partners. The Netherlands is losing two good people for political expediency. It’s a waste.

BLE is weak and can be used to map and hack sex toys, hearing aids. The rise of screwdriving

Posted on by
Reply

Using your favourite BLE sniffing hardware (we used a Bluefruit but an Ubertooth is just as great) you can visualise the BLE packets in Wireshark.

In this case we can see the app has caused the Hush to start vibrating when the handle 0x000e has “Vibrate:5” written to it.
We can also start to replay commands from within Kali, so no smartphone app is required.
BLE devices also advertise themselves for discovery, which anyone can find, in this case the Hush calls itself LVS-Z001 – this is the same across all Hush devices we’ve looked at, so it’s like a unique fingerprint.
Note that there is no PIN or password protection, or the PIN is static and generic (0000 / 1234 etc) on these devices. This isn’t a problem just with the Hush, we’ve found the same problem in the following:

Kiiroo Fleshlight
Lelo
Lovense Nora and Max

In fact, we’ve found this issue in every Bluetooth adult toy we’ve looked at!

The challenge is the lack of a UI to enter a classic Bluetooth pairing PIN. Where do you put a UI on a butt plug, after all?

The only protection you have is that BLE devices will generally only pair with one device at a time, but range is limited and if the user walks out of range of their smartphone or the phone battery dies, the adult toy will become available for others to connect to without any authentication.

[…]
It’s important at this point to say that we’ve not set out to kink-shame anyone for their use of these devices: adult toys appeal to a huge spectrum of people and their ubiquity allows people to enjoy a sex-positive life, however we think that these same people should be able to use them without fear of compromise or injury. Talking about these issues will hopefully lead the industry to improve the security of its toys.

Having an adult toy unexpectedly start vibrating could cause a great deal of embarrassment.
[…]
I managed to find them [hearing aids] broadcasting whilst we were having lunch one day. They have BLE in them to allow you to play back music, but also control and adjust their settings (like if you’re in a noisy restaurant or a concert hall). These things cost £3500 and need to be programmed by an audiologist so not only could an attacker damage or deprive someone of their hearing, but it’s going to cost them to get it fixed.