Bluetooth-connected sex toys – what could possibly go wrong? Some cybersecurity experts decided to find out.
Computer nerds from the Pen Test Partners security blog headed out to the streets of Berlin to see how easily they could find and exploit the city’s Bluetooth-connected butt plugs.
For the uninitiated, these smart adult toys are designed to be hooked up to the "Internet of Things" so users can connect their sex toy to their smartphone, allowing them or a partner to control some of the settings remotely.
The security experts bought themselves a smart butt plug (for "research" purposes) and searched for vulnerabilities using a program for digital forensics and penetration-testing (no pun intended). They note that most of the Bluetooth sex toys they came across were not PIN or password protected, or it was a crappy default PIN like 0000 or 1234.
Next, they hit the streets of Berlin to see if they could locate any of these devices in practice. As you can imagine, Berlin is a city in no short supply of sex toys. So, Pen Test Partners managed to come across one of these devices simply by recognizing one of the adult toy’s Bluetooth Low Energy (BLE) name on a Bluetooth discovery app.
“BINGO! This is genuinely the discovery of a Hush plug, ready and waiting for anyone to connect to it, on a public street,” they wrote in a blog post.
The researchers did not attempt to connect to any devices without consent, obviously. However, they said that they could have easily cranked up the sex toy’s motor to full speed with “no way” for anyone to stop them, provided they stay connected to the Bluetooth network.
They stressed that this experiment was not about “kink shaming”, they just felt it was important that people are aware of the risks. After all, what you do in your private life is your business, but if you are unwittingly laid bare to potential hacking, that's pretty scary.
This is not the first time fears have been raised about smart sex toys. Last summer, two hackers at the DEF CON 24 Hacking Conference suggested that the We-Vibe 4 Plus sex toy is able to record and transmit data of an intimate nature to the company in real-time. Months later, a woman took a sex toy company to court after it had allegedly collected “private usage information” from her smart sex toy.
Despite the security risks and lack of standards, the number of devices – whether it’s sex toys, refrigerators, you name it – joining the “Internet of Things” is skyrocketing. According to a new Verizon Communications Inc report called “State of the Market: Internet of Things 2017”, billions of dollars are being flooded into this field by practically every industry imaginable.
[H/T: The Register]