Screenshot of a mobile app. The left part shows a satellite map view with buildings and paths, buttons for GPS and group selection. The right part features a chat interface with a top notification to connect to a helmet, a user list, an audio button, and a "Push to talk" button for secure communication via VPN.

Location tracking and privacy risks are exposed by the “Smart” helmet flaw.

It sounds like a good idea to get fans who enjoy biking and skiing to wear smart helmets.

Protect your head and maintain contact with your group if you’re on slopes or trails.

Because of this, Livall, a well-known ski and bike helmet manufacturer, is likely to have created “smart” lines of products with “walkie-talkie” functionality that enable teams to communicate and keep track of one another’s whereabouts.

Security researchers regrettably claim that Livall’s use of the “smart” technology was completely foolish.

As TechCrunch reports, a security flaw allowed unauthorized parties to listen in on group conversations and track the whereabouts of anyone wearing their helmets.

The problem has now been fixed; security researchers from Pen Test Partners approached TechCrunch reporters after receiving no response from Livall.

Livall’s smartphone apps ask helmet owners to start a group so they can connect with friends, as Pen Test Partners explains in an article.

This is accomplished using Livall’s app, which asks for a code to be entered in order for users to join groups (they have separate apps for bikers and skiers, but they operate in the same manner). There were six digits in that code.

That six-digit group code simply isn’t random enough, according to Pen Test Partners’ Ken Munro. In a matter of minutes, we could brute force all group IDs.

This meant that all you had to do to join a group was enter an appropriate group code, making it simple to track someone’s whereabouts in real-time or listen in on conversations anywhere in the world without their consent.

Pen Test Partners discovered the flaw in Livall’s “smart” bike helmets as well, despite the fact that some of their researchers are skilled skiers.

The issue was made worse by Livall’s bike helmets. Livall’s smart ski helmets are only used by a small number of people, compared to the roughly one million people who use them for biking.

Before TechCrunch security editor Zack Whittaker brought up the problem with the company, the security researchers’ attempts to contact Livall about the flaw appeared to have gone unanswered. Livall unveiled a new app version on February 5 that significantly raises the difficulty of exploiting the issue by using six-character alphanumeric codes rather than six digits.

One would hope that an updated app requires current group participants to approve new additions, instead of allowing new group members to join unintentionally or without permission.
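The two mitigations discussed above (a larger code space, and approval of newcomers by an existing member) sketched as a server-side join flow, with throttling of failed guesses added as a further control. This is an added example, not Livall's or Pen Test Partners' code; the `GroupService` class, the 36-symbol alphabet and the 5-failures-per-10-minutes policy are all assumptions.

```python
import secrets
import string
import time
from collections import defaultdict

ALPHABET = string.ascii_uppercase + string.digits  # assumed 36-symbol alphabet
MAX_FAILS, WINDOW = 5, 600  # hypothetical policy: 5 failed guesses per 10 minutes

def keyspace(symbols, length=6):
    """Number of possible join codes for a given alphabet size."""
    return symbols ** length

class GroupService:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.groups = {}                # code -> {"members": set, "pending": set}
        self.fails = defaultdict(list)  # authenticated client id -> failure times

    def create_group(self, owner):
        while True:  # code drawn from a CSPRNG, retried on the rare collision
            code = "".join(secrets.choice(ALPHABET) for _ in range(6))
            if code not in self.groups:
                break
        self.groups[code] = {"members": {owner}, "pending": set()}
        return code

    def request_join(self, client, code):
        now = self.clock()
        self.fails[client] = [t for t in self.fails[client] if now - t < WINDOW]
        if len(self.fails[client]) >= MAX_FAILS:
            return "throttled"          # checked before the code is even looked up
        group = self.groups.get(code)
        if group is None:
            self.fails[client].append(now)
            return "invalid"
        group["pending"].add(client)    # knowing the code is not enough to join
        return "pending"

    def approve(self, approver, code, client):
        group = self.groups.get(code)
        if not group or approver not in group["members"] or client not in group["pending"]:
            return False
        group["pending"].discard(client)
        group["members"].add(client)
        return True

    def can_see_group(self, client, code):
        """Location and audio are released to approved members only."""
        group = self.groups.get(code)
        return group is not None and client in group["members"]
```

A longer code only raises the cost of guessing; the throttle and the approval step are what stop a correct guess from silently granting access to location and audio.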

Update your app from the official Google Play or iOS App Store if you use a Livall smart helmet for biking or ski trips.
