Denial-of-Service and Man-in-the-middle vulnerabilities found in Smart scale IoT device

An IoT device analyzed by researchers was found to have four security flaws that could allow attackers to perform denial-of-service (DoS) and man-in-the-middle (MITM) attacks. The device's associated mobile apps on iOS and Android also had other privacy issues.

The flaws were found in an IoT device that monitors users' weight and related body factors. The device, known as the Smart Scale PW 5653 by AEG, is prone to adversarial situations such as DoS and MITM attacks. On Monday, security firm Checkmarx discovered these security loopholes in its analysis of the device. In addition, the mobile apps associated with the Smart Scale had privacy issues.

As per the report by David Sopas of Checkmarx, the vulnerabilities were mainly related to Bluetooth security. Attackers could exploit the Bluetooth Low Energy (BLE) technology in the Smart Scale to conduct DoS attacks as well as change internal settings in the device. The report classified the four vulnerabilities as 'medium' severity.