tldr - powered by Generative AI

• Livall, a popular manufacturer of ski and bike helmets, developed a 'smart' line of products with 'walkie-talkie' functionality for groups to stay in touch and track each other's location.
• A security flaw in Livall's implementation allowed unauthorized parties to track the location of helmet wearers and listen to group conversations.
• The flaw was discovered by security researchers at Pen Test Partners, who found that the six-digit group code used to join a group was not random enough and could be easily brute-forced.
• Livall addressed the flaw by releasing a new app version that uses six character alphanumeric codes instead of six-digit numeric codes.
• The updated app should require existing group members to approve new additions, preventing unauthorized access.