Screwdriving Is The Newest Infosec Term You Need To Know

The security industry is pretty good at coining new words to describe various methods of attack. Phishing, spear phishing, whaling and others have a piscatorial flavaour while wardriving sounds more combative. Well, there’s a new term coming through – screwdriving.

Screwdriving is like wardrving but it has an IoT focus. It’s all about discovering Bluetooth Low Energy (BLE) devices. But it’s not about finding all sorts of devices – it focuses on one class of gadget.

Screwdriving is about finding connected sex toys.

According to security researcher Alex Lomas of Pentest Partners, many of these devices are basically wide open. He pointed the finger at the recently released Lovense Hush connected butt plug (a phrase I never expected to type in my life!) as well as others.

Lomas said communications between the apps and the toys were sent unencrypted and could easily be intercepted with a packet capture tool. Then they could be replayed by a threat actor without a PIN giving attacker complete access.

The IoT world has a security issue. And Lomas’ research shows the security challenges go deeper than many people expected.


The Cheapest NBN 50 Plans

Here are the cheapest plans available for Australia’s most popular NBN speed tier.

At Lifehacker, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.

Comments


3 responses to “Screwdriving Is The Newest Infosec Term You Need To Know”

Leave a Reply