Smart sex toys are at risk of being hacked. It sounds like the beginning of a bad joke, but there are some very serious ramifications to the idea of people getting access to your sex toys. We weren’t just talking about simple adjustments to the vibration intensity here …
Imagine being locked in a chastity belt by an unknown hacker or believing your partner is controlling a toy only to find out later that it was a complete stranger.
According to ESET safety researchers Denise Giusto Bilić and Cecilia Pastorino (via BleepingComputer), these are just some of the potential dangers of the inherent weaknesses identified in smart sex toys.
Many portable sex devices these days include features that go beyond simply pressing the Go button remotely. When you are connected to your smartphone, you can use the associated apps to video chat with your partner remotely or to allow file transfers. Some store sensitive information such as username, sexual orientation, and gender. Some even let you save a list of sexual partners.
Sex devices are evolving day by day, and the more features and connectivity the risk increases. With Bluetooth Low Energy (BLE) and remote access via the Internet, these devices are open to both local and remote attacks.
Should hackers exploit the encryption weaknesses in the toy’s end-to-end API, they could gain access to the user’s sensitive data, and some might even opt for “sextortion”. This means coercion, usually blackmail, of a user by a hacker with access to his personal data. It is a real and terrible thing.
In addition, remote access means that a Man-in-the-Middle (MitM) hacker can gain direct control of a device and even completely ban users. In some cases, hackers have even managed to physically lock users into place. Scary stuff, especially with the potential to * gulp * “use a grinder or bolt cutter to get yourself free”. No thanks.
Bilić and Pastorino even wonder if “an attack on a sexual device [is] sexual abuse and could it even lead to sexual assault charges? “
As you can see, these types of attacks have a number of terrible moral implications that have yet to be investigated as remote technology becomes an increasingly common part of our lives.
Fortunately, intelligent sex toy developers are getting smarter and smarter. Companies like Lovense are rolling out updates in response to vulnerability tests from the ESET Research Lab to address potential cybersecurity vulnerabilities.
The best way for you to immediately protect your data while using such devices is to not store any personal data in these apps at all. That way, no one who gets access should be able to leverage you. Make sure to check the type of encryption that is also used by each device you plan to use.
Anything that uses the “Just Works” method of bluetooth pairing is at risk of hackers gaining local bluetooth control, which isn’t even that difficult.