When any device is connected to the internet, two things become true: It’s immediately “smart,” and it’s instantly susceptible to hackers.
The duo attacked the We Vibe 4 Plus, a Bluetooth-enabled couple’s vibrator that comes with a smartphone app and remote control so that you can stimulate your partner “whether they’re in the same room or on a different continent,” the company’s advertising boasts.
The hackers hit the sex toy’s Texas Instruments CC2541 processor with its 2.4ghz Bluetooth chip, exploiting the lack of a certificate to collect information transmitted between the toy and the app. Bluetooth certificate pins establish a secure relationship between devices and users and the lack of one opens devices, including your sex toy, up to hackers.
They also showed just how much information the vibrator’s manufacturers are collecting about your masturbation.
If, for example, you go to high intensity, they’ll know.
— 0x0i5 (@0x0i5) August 5, 2016
They can also track the temperature of the device, information that can tell you a lot about exactly where this thing goes, though the company says it’s not precise enough to know exactly which orifice the toy has entered—or if it’s entered at all. The collected data is then stored and can be used by the company. Frank Ferrari, president of We Vibe maker Standard Innovation Corporation, said in a statement emailed to the Daily Dot that temperature data “is collected purely for hardware diagnostic purposes.”
The hackers assert that this type of intimate data raises privacy and security concerns.
“As teledildonics come into the mainstream, human sexual pleasure has become connected with the concerns of privacy and security already familiar to those who previously only wanted to turn on their lights, rather than their lover,” the hackers explained in the description of their presentation.
“Do you care if someone else knows if you or your lover is wearing a remote control vibrator? Do you care if the manufacturer is tracking your activity, sexual health and to whom you give control? How do you really know who is making you squirm with pleasure? And what happens when your government decides your sex toy is an aid to political dissidents? “
The future is way weirder than anyone predicted.
Clarification: The thermometer in the We Vibe is not precise enough to collect data that can determine whether the device has been inserted in an orifice, according to the company. Further, according to president of the company behind We Vibe, Frank Ferrari, “[t]emperature data is collected purely for hardware diagnostic purposes.”
“The temperature is measured through a thermometer in the Texas Instruments chip itself,” Ferrari said. “Many factors can affect the temperature of the chip. However, any changes in the temperature are not significant or noticeable enough to indicate the location of the product.”
H/T The Register