CUPERTINO, Calif. (CAP) - A critical vulnerability in a wireless driver used by some Braun internet-enabled electric razors will be tough to patch, security researchers at Symantec Corp. said yesterday, even though exploit code has already been published and attacks have been reported.
The vulnerability in Braun's proprietary Whi-FiŽ wireless driver and subsequent exploit lets attackers override the maximum heatsync setting of the razor's internal circuitry, spiking the temperature of the blades to unsafe levels. To date there have been three reports of flash burns to the user's face and neck.
An alert posted on the facial networking site MyFace.com raised the alarm. In a warning to customers of its DeepSight threat management system, Symantec pegged the vulnerability's overall urgency rating at "10," its highest-possible level.
A statement released by Braun acknowledged the vulnerability and said its engineers "are working feverishly to produce a patch that will nullify any attempts to alter thermostat settings inside the eActivator and eSynchro series of electric razors." Braun officials also said they are working on improvements to their WhiDS [Whisker Detection System] application to try to prevent attacks like this from happening in the future.
In the meantime, Braun is urging consumers to avoid using the razors to check email and to only visit websites they consider to be "safe" while shaving.
Current sales of Braun's foray into wireless technology have been brisk, and consumer advocates do not expect those sales to lag at all due to this latest news. Posters on MyFace.com generally agree that if a patch is available by next month, Braun can avoid any major fallout due to the vulnerability.
Braun internet-enabled razors come equipped with 2" LED screens and wireless chips that allow consumers to check email and browse the web while shaving. Power is supplied to the rechargeable batteries by either a USB2.0 or optional FireWire port. Braun's product white paper calls it "the perfect marriage between shaving and surfing."
- CAP News Staff