
Much to no software engineer's surprise, he found some hard-coded access credentials in the app binary, apparently shared across all copies of the app (doh!), as well as the expected API endpoints for sending/receiving data remotely. Eventually, he and Claude mapped out the mask's 15 commands and functions, and had the communication protocol reasonably reverse-engineered.
It was then time to make a small web app to control the mask. That worked fine, and Hatzistamou could get his mask's information and control its functions without using the buggy Android application. Alas, that was not the end of the story. During the reverse-engineering, he had Claude poke at the remote data endpoints. When connecting to the MQTT services with the aforementioned hardcoded credentials, he did indeed get his sensor readings… along with everyone else's.
Hatzistamou estimated that among the received data, about 25 masks were in use right there and then, and he even captured the real-time EEG readings from two hapless people somewhere on the planet. Since the mask has electrical muscle stimulation (EMS) and the access credentials are the same for every device, he could theoretically tell other masks to trigger electrical impulses.
The engineer sent his findings to the company, as he actually sounds happy with the product, data issues notwithstanding. Speaking as a developer myself, this situation doesn't appear to show any malicious intent from the makers; it serves as yet another unsurprising illustration of how low the bar has become for software development in this day and age.
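One way a broker could confine each mask to its own data, given as an added example that is not from the article or the vendor: it assumes every device authenticates with its own identity and uses a hypothetical topic layout `masks/<device_id>/<channel>`, and it rejects wildcard subscriptions that would reach other devices' topics.

```python
import re

# Assumed layout masks/<device_id>/<channel>; all names here are constructed.
ROOT = "masks"
DEVICE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")


def matches(topic_filter, topic):
    """MQTT filter matching: '+' spans one level, '#' spans the remainder."""
    f, t = topic_filter.split("/"), topic.split("/")
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(f) == len(t)


def well_formed(topic_filter):
    """Wildcards must fill a whole level; '#' may only be the last level."""
    levels = topic_filter.split("/")
    for i, level in enumerate(levels):
        if "#" in level and (level != "#" or i != len(levels) - 1):
            return False
        if "+" in level and level != "+":
            return False
    return bool(topic_filter)


def subscribe_allowed(device_id, topic_filter):
    """Permit a filter only if every topic it can match belongs to device_id."""
    # device_id is the identity the broker authenticated (per-device username
    # or client certificate), never a value the client supplies in the topic.
    if not DEVICE_ID.fullmatch(device_id) or not well_formed(topic_filter):
        return False
    # The first two levels must be literal; a wildcard there spans other devices.
    return topic_filter.split("/")[:2] == [ROOT, device_id]


def publish_allowed(device_id, topic):
    """Publishes use concrete topic names confined to the device's subtree."""
    return not set("+#") & set(topic) and subscribe_allowed(device_id, topic)


def delivered(device_id, topic_filter, live_topics):
    """Topics a broker enforcing the rule would deliver for one subscription."""
    if not subscribe_allowed(device_id, topic_filter):
        return []
    return [t for t in live_topics if matches(topic_filter, t)]
```

With one credential shared by every copy of the app, the broker has no per-device identity to check against, so a rule like this only becomes enforceable once each mask authenticates as itself.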