What to Consider Before Buying a Bluetooth-Enabled Sex Toy
Controlling a partner’s sex toy remotely sounds exciting. But what are the privacy-related risks?
People worry all the time about having their passwords exposed online but are often unaware of the potential risks associated with many Internet-connected toys.
When it comes to these devices, privacy is even more important. A smart adult toy and its dedicated app can collect very private data about the user’s sex life.
White-hat hackers claim many popular smart adult toys aren't secure
In 2017, We-Vibe had to pay £3 million in compensation because of an alleged security flaw in their app.
According to two hackers, the app was collecting intimate data, such as the real-time temperature of the device, the vibration intensity, and the exact time the user was playing with the device. We-Vibe claimed that these data were only used for statistical purposes, but they failed to warn the users, so two female customers decided to sue the company.
In the same year, white-hat hackers from the Internet security firm Pen Test Partners could break into the Svakom Siime Eye’s web interface. This popular vibrator features an endoscopic camera. Pen Test Partners claims that its staff could access any user’s camera feed with surprising ease. The white-hat hackers also say they were able to locate any user playing with the device.
Additionally, the firm claimed that even a person with basic hacking skills could do this and violate the privacy of a Siime Eye user.
SEC Consult, another cyber security firm, allegedly found “multiple critical vulnerabilities” in smart sex toys from Vibratissimo. The Vibratissimo app has a chat feature that lets users exchange private photos and messages with an intimate partner. However, SEC Consult alleged that photos and texts sent through the app were “basically readable for everyone on the Internet”, along with email addresses and passwords.
That’s because “the credentials for the whole Vibratissimo database environment were exposed on the internet”. According to the security firm, hackers can also control a user’s vibrator without their consent over Bluetooth or Wi-Fi. No need to be in the victim's proximity.
The Vibratissimo app offers a “quick control” feature, so the user can quickly request their partner to control their toy by sending them a link over a text or email. This way, the user doesn’t need to wait for their playmate to sign up for an account.
SEC Consult said that the unique ID associated with the control request link is easy to guess for any hacker. “An attacker can guess this ID easily and therefore control the victim’s sex toy directly over the internet,” warns the security firm.
Why sex toy security breaches happen
The main culprit for the vulnerability issues of most connected toys seems to be the Bluetooth technology. Most smart sex toys use Bluetooth to connect to the user’s phone and receive commands. “Even simply opening the Bluetooth explorer on your phone will reveal nearby smart adult devices that are powered on,” said Pen Test Partners’ Ken Munro to Wired.
Munro also said that most Internet-connected adult toys lack a secure Bluetooth connection, making it simple for a hacker nearby to control the pleasure of the user without their consent.
Pleasure vs. Privacy: How to find a compromise
“People are extremely concerned with neighbors hearing the buzz of their vibrators,” says Armando Sparapani, owner of Number One Sex Shop in Ancona, Italy.
“Every day, I get asked for ways to conceal a sex toy so my customer’s parents or husband can’t find it. But people are dangerously unaware that a hacker — or simply a tech-savvy neighbor — can access their private data.”
“For now, your safest bet to pleasure a faraway partner is using an offline voice-controlled vibrator,” suggests Sparapani. “Just talk to your partner over any video chat service of your choice or even a traditional phone call. The vibrator will change the stimulation intensity based on the rhythm and volume of your voice. If you choose video chat, make sure that you choose a service with adequate encryption.”
More and more sex tech companies are working hard to fix vulnerability issues and create a safer experience for vibrator users.
Joris Guisado, Lovense’s COO, confessed to Wired that Pen Test Partners hacking his company’s sex toys and demonstrating their vulnerabilities was actually a good thing. After that incident, Lovense reached out to Pen Test Partner and is now working together with the security firm to enhance the safety of its Internet-connected sex toys.
“My customers are thrilled at the idea of controlling a partner’s sex toy with their phone,” continues Sparapani. “I definitely see a bright future for Internet-connected vibrators. I hope that the industry will implement safer controlling technologies, so the customers will never have to choose between privacy and fun.”
Image sources: Dainis Graveris