Screwdriving Is The Newest Infosec Term You Need To Know

The security industry is pretty good at coining new words to describe various methods of attack. Phishing, spear phishing, whaling and others have a piscatorial flavour, while wardriving sounds more combative. Well, there’s a new term coming through – screwdriving.

Screwdriving is like wardriving, but it has an IoT focus. It’s all about discovering Bluetooth Low Energy (BLE) devices. But it’s not about finding all sorts of devices – it focuses on one class of gadget.

Screwdriving is about finding connected sex toys.

According to security researcher Alex Lomas of Pentest Partners, many of these devices are basically wide open. He pointed the finger at the recently released Lovense Hush connected butt plug (a phrase I never expected to type in my life!) as well as others.

Lomas said communications between the apps and the toys were sent unencrypted and could easily be intercepted with a packet capture tool. Then they could be replayed by a threat actor without a PIN, giving the attacker complete access.

The IoT world has a security issue. And Lomas’ research shows the security challenges go deeper than many people expected.


    • That’s my assumption. As is the case, the researcher is acting ethically and not detailing exactly how to exploit the devices so bad guys can’t copy his methods.

  • Jeez. That’s a pretty big security flaw on Lovense’s behalf. Let’s hope they’re on top of fixing that one. Because there’s a lot of people who use their product, that’s a lot of potential targets.
