Tactical tornado (2 different blog posts)
Summary
This article exposes a security flaw in a consumer IoT device (a smart sleep mask): an open MQTT broker that exposed brainwave data from multiple devices. It details BLE discovery, reverse engineering of the APK (Dart/Flutter), and the risk of hardcoded credentials across devices, highlighting critical security lessons for SMB IT on securing IoT deployments and on responsible disclosure practices.