Smart Sex Toy Device Security Remains a Priority
Potential ramifications are too high for teledildonics producers to ignore.
The sex tech space has significantly grown in customer base with user acquisition for such devices hitting a peak during the primacy of the Covid-19 pandemic and its waning months.
However, with an increasing trend in consumer use and the continued development of smart sex toys and their integration with mainstream adult platforms, there is an increased concern for user safety, data protection, and the vital cybersecurity standards that ensure elements of trust.
A problematic legacy
“When you look at things from the perspective of ‘what would I expect from a sex toy,' the level of security people expect is far higher than they currently allow in most devices,” says Brad “RenderMan” Haines, the white hat hacker who usually goes by his online handle.
“If we expected the same from our thermostats, fridges, baby monitors, etc as we would a connected sex toy, then we realize how bad the security, privacy and safety we tolerate actually is.”
Haines is one of the minds behind the Internet of Dongs Project, where he and his team dedicate their free time to hack smart sex toys to measure their security and privacy.
“Common problems I found early on were lack of authentication where someone could take over another person's account or gain access to private information like names, email addresses, and more,” he says. “I could determine who was allowed to connect to who for long distance control, thus revealing relationships.”
“Most frightening was several leaking GPS coordinates of the users when they were using the app, potentially enabling stalkers and others to locate users for harassment or other things.”
Ramifications of a sex tech data breach exceed other industries
“Fortunately, among the major vendors, they quickly realized the implications of what I'd found and for almost all of the vendors I reached out to, I had a laundry list of vulnerabilities and, in several cases, their entire user database was on a silver plate,” Haines says.
“Unfortunately, sex and sex tech remain a taboo topic for many folks, although they still engage privately,” notes sex tech evangelist Bobbi Bidochka in a different conversation.
“In fact, out of all the industries, the ramifications of data breaches and cyber attacks in sex tech far exceeds those of regular business.”
There is much at risk when you consider the scope of data and personal information tied to a smart sex toy and the operating systems used to power these devices, as Bidochka alluded.
Building a future where privacy is prioritized
Some companies have developed devices that have evolved to the point of informing users of how to have better orgasms during use through interactive visualizations.
James Wang, chief technical officer and a co-founder of Lioness.io, explained how his company protects this type of highly personal data.
Lioness is a brand of smart vibrators that utilizes its own software to improve orgasms through biofeedback protocols. By the nature of this data, security would mean top priority.
“We can’t fully comment on everything that’s done, but at least we’re seeing more companies implementing the bare minimum standards required for security and privacy on modern devices,” Wang says, alluding to cases like the We-Vibe class action lawsuit over data collection.
How companies like Lioness reduce the risk
“We not only ‘do the basics' in security policies, best practices, access control, and encryption; we also take explicit steps to anonymize data to reduce risk as much as we can,” Wang says.
“Even if someone breaks into our internal networks, steals our encryption key, and makes off with our data… they’d end up with anonymized usernames that can’t be tied back without also breaking into our authentication provider—a large, dedicated security firm,” he explains.
“The information you get out of that is ‘someone masturbated,' which is more or less valueless whether they were looking to try and monetize this data or simply expose it.”
Image sources: GuerrillaBuzz Blockchain PR Agency