Heels on fire. Hacking smart ski socks

The report assesses Therm-IC smart heated ski socks and finds a BLE security flaw: the power packs are always pairable without bonding or an explicit pairing mode, allowing anyone in Bluetooth range to connect and turn up the heat when the owner’s phone is out of range; the authors demonstrate this and suggest potential (yet unconfirmed) arbitrary code execution on the battery controller for a future post, while judging real-world risk as low.