How to start a fire — hack a hair straightener

By Natasha Doyle
Tuesday, 16 July, 2019

Imagine: an arsonist is walking down a busy street, itching to start a fire. They don’t have a lighter or petrol. But they do have a mobile phone.

No, this isn’t another exploding Samsung story. This is the story of a Bluetooth-connected, hackable hair straightener…

On 12 July, Pen Test Partners (PTP) reported that they’d managed to start a fire by hacking the Glamoriser smart straightener and its associated app.

The Glamoriser app enables a user to change their hair straightener’s temperature and turn it on or off remotely so, theoretically, they wouldn’t have to worry about whether they left it on when they left the house.

However, PTP found that the Bluetooth connection is unsecured — so anyone within range can hijack the straightener, set it to its maximum temperature (235°C — two degrees above the flashpoint of paper), max-out its sleep time to 20 minutes and walk away (so long as no-one else is connected to it already).

While Australian statistics for hair straightener-induced fires are unavailable — and we're not too sure how many ITPA members might use hair straighteners anyway (but you never know) — Electrical Safety First estimates that over 650,000 UK house fires have been started by electrical beauty products, such as hair straighteners, being left on. Additionally, PTP said a third of hair straightener users have burnt themselves.

PTP said the the problem could be easily straightened out by adding a pairing or bonding function.

Image credit: © stock.adobe.com/au/TravelPhotography

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.