CVE-2023-26979
Description
Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the intensity of the stimulator by hijacking the BLE communication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
BluetensQ app v4.3.15 is vulnerable to BLE man-in-the-middle attacks, allowing attackers to modify stimulator intensity.
Vulnerability
The Bluetens Electrostimulation Device app (version 4.3.15) uses insecure Bluetooth Low Energy (BLE) communication, making it susceptible to man-in-the-middle (MITM) attacks. The device relies on BLE for control, including setting the stimulation intensity (0–60). The vulnerability exists because the app and device do not authenticate or encrypt BLE packets, allowing an attacker to inject or modify commands [1].
Exploitation
An attacker can exploit this vulnerability by being within BLE range (typically up to 10–100 meters) of the device and the connected smartphone. By performing a BLE MITM attack (e.g., using a spoofed peripheral or central), the attacker can intercept and modify the intensity values sent from the app to the device. This does not require authentication or user interaction beyond the initial BLE pairing [1].
Impact
A successful attacker can arbitrarily increase or decrease the stimulation intensity, potentially causing the device to deliver painful shocks or involuntary muscle contractions. Reference [1] notes that at intensity levels above 25, users experienced violent shaking; higher or sudden changes in intensity may cause serious harm. This represents a compromise of safety integrity, with potential for physical injury.
Mitigation
As of the publication of the advisory (August 2023), the Original Equipment Manufacturer (OEM) has not responded to vulnerability disclosures, and no patch or firmware update has been released [1]. Users are advised to discontinue use of the BluetensQ app version 4.3.15 and the associated device until a fix is provided. Using the device in a trusted, isolated environment may reduce risk, but no complete mitigation is available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
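As an added illustration (not code from the advisory, the vendor, or the app), the sketch below shows the kind of receiver-side checks whose absence the Vulnerability section describes: a per-command authentication tag, a replay counter, and limits on the 0–60 intensity value. The packet layout, the pre-shared key, `MAX_STEP`, `TAG_LEN` and all function names are assumptions made for this example; the real BluetensQ protocol is not documented on this page.

```python
import hashlib
import hmac
import struct

MAX_INTENSITY = 60  # intensity range given in the write-up above (0-60)
MAX_STEP = 2        # assumption: largest intensity change accepted per command
TAG_LEN = 8         # assumption: HMAC-SHA256 tag truncated to 8 bytes

def build_command(key: bytes, counter: int, intensity: int) -> bytes:
    """App side. Hypothetical layout: counter (4 bytes BE) | intensity (1 byte) | tag."""
    body = struct.pack(">IB", counter, intensity)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Stimulator:
    """Device side: apply a command only if it is authentic, fresh and a small step."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
        self.intensity = 0

    def handle(self, packet: bytes) -> str:
        if len(packet) != 5 + TAG_LEN:
            return "reject: length"
        body, tag = packet[:5], packet[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "reject: bad tag"
        counter, intensity = struct.unpack(">IB", body)
        if counter <= self.last_counter:
            return "reject: replay"
        self.last_counter = counter  # authentic packet: consume the counter either way
        if intensity > MAX_INTENSITY:
            return "reject: range"
        if abs(intensity - self.intensity) > MAX_STEP:
            return "reject: step"  # sudden jumps refused even when authentic
        self.intensity = intensity
        return "ok"

def demo():
    key = bytes(range(16))  # constructed demo key; assumed provisioned out of band
    dev = Stimulator(key)
    good = build_command(key, 1, 2)
    tampered = good[:4] + bytes([60]) + good[5:]  # intensity byte altered in transit
    packets = [tampered, good, good,
               build_command(key, 2, 30), build_command(key, 3, 61)]
    return [dev.handle(p) for p in packets], dev.intensity
```

The tag gives integrity only, not confidentiality; at the link layer, BLE's own protection comes from LE Secure Connections with an authenticated pairing method.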
Affected products
Bluetens Electrostimulation Device/BluetensQ device app
Patches
No patches discovered yet.