Smart sex toys are at risk of being hacked. It sounds like the start of a bad joke, but there are some very serious implications behind the idea of people gaining access to your sex toys. Were not just talking simple adjustments in vibrational intensity here...
Imagine being indefinitely locked into a chastity belt by an unknown remote hacker, or believing your partner is controlling a toy, only to discover later that it was a complete stranger.
According to ESET security researchers Denise Giusto Bilić and Cecilia Pastorino (via BleepingComputer (opens in new tab)), these are just some of the potential dangers of the inherent weaknesses identified in smart sex toys.
Many wearable sex devices today include features that go beyond just pressing the go button from a distance. Being connected to your smartphone, the associated apps might allow you to remotely contact your partner via video chat or allow file transfers, some save sensitive data like users names, sexual orientation and gender—some even let you store a list of sexual partners.
Sex devices are becoming more advanced by the day, and with more features and connectivity comes increased risk. With both Bluetooth Low Energy (BLE) and remote access via the internet, these devices are open to both local and remote attacks.
Should hackers exploit the encryption weaknesses in the toys end-to-end API, they could gain access to users sensitive data and some may even go for "Sextortion." Meaning coercion, usually blackmail, of a user by a hacker with access to their personal data. It's a real and terrifying thing.
Not only this, remote access means a Man-in-the-Middle (MitM) hacker could gain direct control over a device and even lock users out completely. In some cases, hackers have even managed to physically lock users in (opens in new tab). Scary stuff, especially with the potential to have to use *gulp* "a grinder or bolt cutter to free themselves." No thank you.
Bilić and Pastorino even wonder whether "an attack on a sexual device [is] sexual abuse and could it even lead to a sexual assault charge?"
As you can see, these kinds of attacks come with a slew of horrendous moral implications that have yet to be examined, as remote tech becomes an ever-more pervasive part of our lives.
Thankfully developers of smart sex toys are becoming more savvy, with company's like Lovense rolling out updates to patch the potential cybersecurity weaknesses, in response to vulnerability tests by the ESET Research Lab.
The best way for you to immediately protect your data in using devices such as these is not to store any personal data in these apps at all. That way anyone gaining access shouldn't be able to get any leverage over you. Make sure you check the type of encryption used by any device you plan to use, too.
Anything that uses the "Just Works (opens in new tab)" method of Bluetooth pairing is at risk of hackers gaining local Bluetooth control, which is not even that difficult to do.