Intercepted IoT: The unsecure sex toy that snitches on its users

blindfolded peek

The security of a sex toy is very serious business. This is the conviction of a New Zealand hacker that goes by the name of Follower. The hacker, speaking at a talk named Breaking the Internet of Vibrating Things at Def Con in Las Vegas earlier this month, is talking about the We-Vibe 4 Plus smart vibrator – an app-compatible pleasure toy “that allows couple’s to keep their flame ignited—together or apart,” according to its makers.

In spite of obvious laughs such a story will provoke, Follower states this is no laughing matter, explaining that the We-Vibe 4 Plus is not in the least secure and can be remotely controlled by an attacker who has intercepted the vibrator with a paired smartphone.

In The Guardian Follower was quoted as saying, “The company that makes this vibrator, Standard Innovation: They have over 2 million people using their devices, so what’s at stake is 2 million people.” He goes on to say that activation of such a device by a hacker is tantamount to sexual assault.

That in itself is a serious issue in a physical sense, but the wider ranging issue is the ongoing problem concerning privacy and the Internet of Things. As this report shows many of our smart devices are worryingly vulnerable to hacking, mostly because IoT manufactures may not have adhered to the most thorough security practices, don’t offer security updates, or that users of such devices are simply unaware of the implications of connecting to a smart device.

I can’t do it while you’re watching

In the case of the smart vibrator, the app was sending by-the-minute information back to the manufacturer, Standard Innovations Corp., concerning the changes in temperature and intensity of the device. This basically means the owner was for all intents and purposes being watched every time she, or perhaps he, was using it.

Standard Innovations responded to criticism in a press release saying, “We-Vibe collects data on the use of its products in terms of vibration intensity and mode for market research purposes so that we can better understand what settings and levels of intensity are most enjoyed.”

In the company’s privacy policy it states, “We reserve the right to disclose your personally identifiable information if required to by law,” but as Follower points out, this is some very personal information being collected. Frank Ferrari, President of Standard Innovations, said that the privacy policy for the smart vibrator states that data ‘may’ be collected on the user, but he also said that the company was now in the process of revising its privacy and data collection protocols.

photo credit: she burns via photopin (license)