Talk about a ruined Valentines Day – hacked sex toys can be accessed to post images and even video
Amorous individuals keen to prepare for the cinematic release of the 50 Shades Of Grey or next week’s Valentines Day may be better off cooling their loins for a spell after new security research worryingly uncovered that sex toys can be hacked.
Experts from Pen Test Partners have revealed how certain brands of bedroom products, including many already on the market, can be easily hacked, allowing people to intercept communications and take control of them.
They also warned that one of the toys even captured video, which could easily be accessed.
Is nothing sacred?
Pen Test decided to investigate a range of products from Lovesense, which is well-known for combining technology including videoconferencing in its toys.
“Apparently ‘cyberdildonics’ are set to be the next big thing in sex toys, allowing you to share ‘sensations’ across the internet, and there is no shortage of products from various manufacturers, and even a social media site where you can get some random who you’ll probably never meet to ‘drive’ your sex toy for you,” the company’s Joe Bursell told Forbes.
However the security of registration process offered to users to register their products was full of holes for hackers to exploit, the company found.
“If an attacker could intercept the devices communications they could portray their victim as a monumentally inept in the stimulation department, which would be hilarious and tragic in equal measure,” Bursell continued.
“There was no apparent encryption during the registration process, meaning anyone snooping on the line could get hold of login information,” his colleague Ken Munro added.
Pen Test were also concerned at the security certification of the company’s home portal, where users could download different software and specialised programmes to their device.
“It will clearly be trivial to compromise a user’s account and access some quite juicy content, particularly so if the victim is a ‘friend’ in a shared household using the same wireless access point,” said Munro.
The vulnerabilites are the latest worry to those people looking for love online. Last month, a study by cybersecurity firm Synack discovered that dating apps, including Tinder and Grindr, can easily be hacked to reveal users’ exact location.
The researchers explained how they managed to track app users’ movement throughout the day by spoofing requests to the servers behind those apps. An app could transmit user location to its servers insecurely if they data was sent in plaintext or if was not encrypted properly.
The team demonstrated how it was able to abuse the flaw to compile one-time snapshots of 15,000 Grindr users in the San Francisco Bay area, as well as users of the app at the Sochi Olympics.
How much do you know about hacking? Take our quiz!