
Much to no software engineer's surprise, he found some hard-coded access credentials in the app binary, apparently shared across all copies of the app (doh!), as well as the expected API endpoints for sending/receiving data remotely. Eventually, he and Claude mapped out the mask's 15 commands and functions, and had the communication protocol reasonably reverse-engineered.
It was then time to make a small web app to control the mask. That worked fine, and Hatzistamou could get his mask's information and control its functions without using the buggy Android application. Alas, that was not the end of the story. During the reverse-engineering, he had Claude poke at the remote data endpoints. When connecting to the MQTT services with the aforementioned hardcoded credentials, he did indeed get his sensor readings… along with everyone else's.
Hatzistamou estimated that among the received data, about 25 masks were in use right there and then, and he even captured the real-time EEG readings from two hapless people somewhere on the planet. Since the mask has electrical muscle stimulation (EMS) and the access credentials are the same for every device, he could theoretically tell other masks to trigger electrical impulses.
The engineer sent his findings to the company; he actually sounds happy with the product, data issues notwithstanding. As a developer myself, I don't see any malicious intent from the makers in this situation; it serves as yet another unsurprising illustration of how low the bar has become for software development in this day and age.