Sex toy owners warned of security dangers in their devices
Eset, the market leader in information security, has identified security gaps in 2 well-known sex toys. Specifically, weaknesses were found in the smartphone applications designed to control these toys. The gaps could allow malware to be installed, the toys' preinstalled software to be changed, or even the devices to be altered so that they harm their users.
The company's analysts conducted a study of two sex toys from the well-known manufacturers We-Vibe and Max. For the test, the experts downloaded the device management applications from Google Play and checked the protection of the two programs under investigation, Lovense Remote and We-Connect. Since sex toys are portable devices, they can be used in an unsafe information environment. It was found that these devices continuously transmit their position to ensure high-quality communication. As a result, anyone who has access to a device with Bluetooth can detect a toy within its range, at a distance of up to 8 m, so potential attackers can easily find the device over a Bluetooth connection. To gain access, they do not need to download the application that controls the device, because the browser usually has suitable functionality to facilitate control.
The sex toys use the least protected method of communication, and the temporary key used by the devices equals 0. That is, anyone can connect to these devices by using 0 in place of the key. The sex toy is not protected from attacks, because a free device of this kind automatically pairs with any other device that wishes to connect to it via Bluetooth, without any checks or confirmations. Although the media files that users share are stored in a closed software repository, information about them is publicly available. This means that by sending files to someone from the device, the user is also sharing other confidential information, such as their location.
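The automatic pairing with a temporary key of 0 described above matches what the Bluetooth LE specification calls legacy "Just Works" pairing (an assumption; the article does not name the mode). As an added example, not code from Eset or the vendors, this Python code decodes the two pairing messages from a capture of your own device and reports whether that mode was negotiated; the function names and sample bytes are constructed for illustration.

```python
# Added example (not from the article). PDU layout per the Bluetooth Core
# Specification, Vol 3 Part H (Security Manager Protocol), 7 bytes each:
# code, IO capability, OOB flag, AuthReq, max key size, init/resp key dist.
IO_CAPS = {0: "DisplayOnly", 1: "DisplayYesNo", 2: "KeyboardOnly",
           3: "NoInputNoOutput", 4: "KeyboardDisplay"}
NO_IO = 3
DISPLAY_KINDS = {0, 1}  # can show a value but cannot accept typed input

def parse_pairing_pdu(pdu: bytes) -> dict:
    """Decode an SMP Pairing Request (0x01) or Pairing Response (0x02)."""
    if len(pdu) != 7 or pdu[0] not in (0x01, 0x02):
        raise ValueError("not an SMP pairing request/response")
    if pdu[1] not in IO_CAPS:
        raise ValueError("reserved IO capability value")
    return {"io": pdu[1], "oob": pdu[2] == 0x01,
            "mitm": bool(pdu[3] & 0x04),   # AuthReq bit 2
            "sc": bool(pdu[3] & 0x08),     # AuthReq bit 3, Secure Connections
            "max_key_size": pdu[4]}

def legacy_association_model(req: bytes, rsp: bytes) -> str:
    """Association model LE legacy pairing selects for this exchange."""
    a, b = parse_pairing_pdu(req), parse_pairing_pdu(rsp)
    if a["oob"] and b["oob"]:
        return "OOB"
    if not (a["mitm"] or b["mitm"]):
        return "JustWorks"          # nobody asked for MITM protection
    if NO_IO in (a["io"], b["io"]):
        return "JustWorks"          # one side cannot show or enter a passkey
    if a["io"] in DISPLAY_KINDS and b["io"] in DISPLAY_KINDS:
        return "JustWorks"          # neither side has a keyboard
    return "PasskeyEntry"

def audit(req: bytes, rsp: bytes) -> list:
    """Findings for one captured pairing feature exchange."""
    a, b = parse_pairing_pdu(req), parse_pairing_pdu(rsp)
    findings = []
    if a["sc"] and b["sc"]:
        return findings             # LE Secure Connections: no TK is used
    findings.append("legacy pairing negotiated")
    if legacy_association_model(req, rsp) == "JustWorks":
        findings.append("Just Works: temporary key (TK) is fixed at 0")
    if min(a["max_key_size"], b["max_key_size"]) < 16:
        findings.append("encryption key shorter than 16 bytes")
    return findings

# Constructed sample PDUs (not captured from the devices in the article).
PHONE_REQ = bytes([0x01, 0x04, 0x00, 0x05, 0x10, 0x07, 0x07])   # wants MITM
TOY_RSP = bytes([0x02, 0x03, 0x00, 0x01, 0x10, 0x01, 0x01])     # no I/O at all
KEYPAD_RSP = bytes([0x02, 0x02, 0x00, 0x05, 0x10, 0x01, 0x01])  # keyboard only

if __name__ == "__main__":
    print(audit(PHONE_REQ, TOY_RSP))
    print(audit(PHONE_REQ, KEYPAD_RSP))
```

The first sample shows why a phone asking for MITM protection gains nothing when the peripheral has no input or output: the exchange still falls back to the zero temporary key.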
Sex toys from Max can be removed and synchronized with different devices, and an attacker will be able to control two devices when only one of them is infected. However, media files transmitted by other devices do not convey additional information. The program itself allows the user to set a 4-digit code using a button grid, which makes password brute-force attacks more difficult. The protection of user information may be threatened by certain features of the application, such as the possibility of forwarding media files to others without the approval of the sender. In addition, users who are on the blacklist or who have been deleted may still be able to access information from the chat and previously shared media files.
In addition, this company does not use recognition of paired devices, which is why attackers are able to intercept the connection and control the intimate toys to carry out attacks. After the research, the creators of the intimate toys received a report on the errors in the device software and planned to fix them. To date, all the shortcomings have already been eliminated.
“Despite the fact that security, apparently, is not currently a priority for most creators of intimate toys, users of these devices have the opportunity to independently protect their devices from hacking. To do this, do not use intimate toys in public places; it is also best to connect them to the application in the smartphone when applied, so that they do not spread data about themselves to possible ill-wishers nearby. With the growing use of intimate toys, their creators should also pay attention to the cyber vulnerability of their devices, so that everyone can use only invulnerable and protected devices,” Eset experts believe.