Internet of Things + Adult Toys = Well, you can imagine…

watchingConnected devices are everywhere, enhancing the lives of consumers in myriad ways. The Internet of Things is a fast-moving revolution that opens possibilities and delivers functionality for just about any gadget, device, or system we can imagine. Including adult toys.

Medical devices, cities, refrigerators, baby monitors, cars, wearables, and homes are but a few of the connected things that give us astonishing new capabilities and conveniences. They also beget stunning invasions of privacy and dangerous vulnerabilities.

There’s a whole lot of creepy stuff going on, from recording orgasms, to smart phone apps that deliver users’ sexual behavior data to the manufacturer, to hackable devices that can be accessed and controlled by others. Issues range from surreptitious, deliberate data collection, to unsecured and unsecurable Bluetooth connections.

A class action suit was brought against a Canadian vibrator manufacturer – Standard Innovation, and later settled for $5 million. The company sold a vibrator called We-Vibe which could be connected to a smart phone via the We-Connect app, downloadable in the Apple and Google app stores. 

The app allows the users or a partner to control the vibrator's setting and features remotely through a Bluetooth connection. The connection, promised to be secure, lets partners pair another device, and communicate with video chats and text messages.

Not disclosed was the fact that the app monitored and recorded all usage information, including all personal communications, and sent it to company servers where it was stored. Even more alarming, it included the email addresses of registered users, allowing the company to connect the gathered data to specific individuals.

After that case came to light a company that does penetration testing of cyber systems to discover security vulnerabilities decided to look into adult toys. The company, Pen Test Partners, investigated a number of devices and uncovered shocking vulnerabilities. And you don’t have to be hacker genius to exploit them.

So, everyone knows you can glom onto a nearby wifi network if it’s not secured.  And most people have scanned for Bluetooth devices to pair with their phones or other devices. And we all know we can control and interact with devices via apps. 

That knowledge is all you need to grasp the basics of how the devices can be exploited, because all those capabilities are available with connected adult toys. Along with the vulnerabilities.

Many adult toys have cameras enabling them to stream the feed over wifi.  And most are sold with the same default password which users rarely change, while some have passwords that cannot be changed. Testers were easily able to hack into the devices via wifi and watch the video feed.

They were also able to use the mobile app to gain access to web servers and tap into the camera over the internet.  When using wifi, the voyeurs need to be within physical range of the signal. But if accessing it via the internet, peeping from just about anywhere is possible.

Pen Test pointed out another creepy and potentially dangerous possibility for stalking. Say some creep with low level hacking skills drives up to a house and finds an accessible wifi network and a device they can hack into. The creepy stalker knows where the victim lives, is spying on them, saving video and images, and getting info on their partners.

Less menacing were findings about a certain vibrating insertion device suitable for pleasure seekers of both sexes. All the devices had the same default name, like the name a new phone has until you change it. So researchers walked down the street and noticed devices in nearby homes, and in some cases, in passersby.

These devices use a common wireless personal area network technology known as Bluetooth Low Energy (BLE). It’s used in healthcare devices, wearables, home entertainment devices and many more. Its advantage is very low power consumption, but BLE isn’t known for formidable security. 

BLE is meant to be discoverable and emits broadcasts to make itself detectable. There are myriad Bluetooth and BLE detection devices (sniffing hardware) that discover nearby device broadcasts. They are affordable and simple to use.

Now it gets really interesting due to a fascinating aspect of BLE.  BLE devices rely in part on proximity for security. BLE is detectable in only a small area. So you pair it with your phone and figure you’re good to go. But if you don’t turn off the BLE connection on your device and take the phone out of range, or your phone battery dies, guess what. The device is available for any phone in range to commandeer, and the owner is locked out.

The new master of the device can turn it on – potentially embarrassing if its in a purse or briefcase, vibrating at full rpm during that important meeting…and your phone is sitting quietly on the table. Or, in the case of devices that are worn for “discrete pleasure” on demand, one might suddenly find themself vibrating at full throttle without control. YIKES!

Although most people would never contemplate these dastardly deeds, many of them require no skills whatsoever. Other are easily managed with only minimal hacking. And there’s LOTS of hobby hackers out there.

As the pursuit of gratification embraces the Internet of Things, how does one stay safe? 

Change passwords, on EVERYTHING, and often, and make them hard to figure out. Secure your wifi network.

Be careful with your apps. Get them only from safer sites like Google Apps and Apple store. But don’t feel too safe because even they have often carried infected apps. But at least they try.

Secure your phones for goodness sake. Remember to turn off BLE. Rename your devices!

Like unprotected sex, unprotected devices can result in some very bad things.


Read more below. Be forewarned, these articles are a bit friskier than the above.

Pen Test Blog: Vulnerable Camera

InfoSecurity - Bad Vibrations

Pen Test: Locating and exploiting smart adult toys