TBH
I'd be surprised if there WAS security built in.
Hacking LED Halloween masks is frighteningly easy
Hacking makes the holidays so much more enjoyable, and nothing says trick or treat quite like pwning LED Halloween masks belonging to every neighborhood kid during candy-collection hours. After purchasing a Bluetooth Low Energy (BLE) enabled mask with a programmable app for his family's "anything that glows" themed Halloween …
-
-
Friday 31st October 2025 14:49 GMT A. Coatsworth
Re: "BLE enabled mask with a programmable app"
>>What's the worst than can happen ? Tell me, please.
Given that each mask on the streets probably means one "Shining Mask" app installed, from a company with such ironclad approach to security, I can see the worst that could happen being really ugly
-
Friday 31st October 2025 05:56 GMT Anonymous Coward
Fun fun fun
The masks do look like fun, plus safer than tartrazine and related Mountain Dews ... but at 2,000 to 3,600 SMD RGB LEDs model 2121 eating 250 mW (max) of juice each, ain't they 400 to 900 Watt affairs (toaster range) that could run through batteries in a second flat at full tilt? The shop page just mentions 4-hour USB-C charging and 8-hours use which I'd guess corresponds to relatively low mean brightness levels ... or all LEDs off(?).
Regular ole' masks, or even makeup, might provide as much fun with better mileage imho, plus safety from hackers and your face looking like crispy bread!
-
Friday 31st October 2025 09:20 GMT Anonymous Coward
Re: Fun fun fun
I don't know where you got your figures from, but those LEDs normally run on just a few milliamps, at about 3 volts, so let's call it 15mW each. Extrapolate that and you're looking at 2-3 watts, which ties in with battery capacity. Remember that for most designs only a subset of the LEDs will be illuminated.
2121 as an SMD descriptor just tells you the physical size (2.1mm by 2.1mm) not a particular product.
-
Saturday 1st November 2025 00:04 GMT Anonymous Coward
Re: Fun fun fun
Good point! I based my calcs on the WS2816B-2121 that can pull 45 mA at 5.5 Volts (so 250 mW), but some common 64x64 flat panels (4096 LEDs) seem to pull less, like 19 W or 60 W ... yet some are puzzling, reporting 25 W of "module power" but 800 W of "maximum power consumption" (under which conditions ... who knows!? who cares? it's just fun????).
Bottom line, the RGB LED mask vendors should definitely provide the electrical specs of their gizmos rather than vague geez-woowee-type statements (yes, on their websites). If the things can be easily hacked (per TFA), and they're using WS2816B-2121-type LEDs (for high brightness as they state) the potential for tangible harm may well be there ... which is quite frightening imho.
-
-
-
Friday 31st October 2025 13:26 GMT cyberdemon
To be fair, the dev has deliberately left out the bit that encodes a custom image for the masks. So anyone casually downloading and running this will only be able to display the standard fox face on some unsuspecting trick-or-treater.
-
Friday 31st October 2025 08:22 GMT JLV
One thing about being a big Sci Fi reader is trying to project into a reverse Connecticut Yankee situation. Imagine you're a tech-savvy 1950s dude(tte) who went into a coma and has just been revived with the wonders of modern medicine...
What is this article about? The words are English but make little sense. What is "hacking" and once you understand the term, what on earth does it have it to do with Halloween masks? Why would someone computerize a Halloween mask? Probably with more computing horse power than the Space Shuttle? Why would someone hack it?
Jump forward to 2150 and think about the sweet summer children of the early 21st century that allowed unprotected computing nodes to proliferate. A hacked mask could do all sorts of things, including eavesdropping on nearby Bluetooth emissions and reporting back to far-removed surveillance nodes via other hacked consumer devices in a mesh.
Much like late 1990s folk who would send each other meme .EXEs via email for entertainment. And run the ones they received.
-
Friday 31st October 2025 09:58 GMT Jellied Eel
.. reporting back to far-removed surveillance nodes via other hacked consumer devices in a mesh.
Surveillance nodes you say? So I'm kinda wondering what fun could be had with the HD mask vs facial recognition systems. Tempted to buy one now, especially if it's easy to load it with your own images. But also perhaps wait. 2.1mm pixels this year, and wonder how long it'll take to reduce that to 1mm or smaller.
-
-
Friday 31st October 2025 13:49 GMT John Brown (no body)
Trick or treat?
Well, nice to the "trick" part of trick or treat being put to good effect. Mostly these days it's entirely about the treat part. Or demanding money with menaces as some would see it :-)
It did, after all, get imported to the US from Scotland, via Canada, and was originally more about the participants performing some little act or song and then getting a treat for doing so.
-
Friday 31st October 2025 14:23 GMT Anonymous Coward
Does it also work on Vapes ?
From the discarded and smashed examples littering our streets there seems to be some electronics in there so I wouldn't be surprised if BLE was in there too.
You could remotely turn the blighters off in public spaces.
I just realized there are more "intimate" BT/BLE controlled "adult devices" that possibly don't require pairing ...
-
Friday 31st October 2025 18:33 GMT JPCavendish
Re: Does it also work on Vapes ?
"I just realized there are more "intimate" BT/BLE controlled "adult devices" that possibly don't require pairing ..."
There are. Walk around with a suitably configured RPI and all you have to do is listen for the unexpected gasp. Or shriek, depending on how you've configured it.
-
-
Friday 31st October 2025 20:44 GMT Simon Harris
Re: Does it also work on Vapes ?
From these very pages from a few years ago…
https://www.theregister.com/2018/02/02/adult_fun_toy_security_fail/
-
Biting the hand that feeds IT
