Months of imprisonment due to the coronavirus pandemic and social distancing measures imposed in many countries has changed the nature of dating, significantly increasing or increasing the demand for erotic toys, many of which have an internet connection or are supplemented by applications to improve sexual health make it more fun.
Connected devices can suffer malware attacks or reveal sensitive personal information
However, this possibility of online connection is also one open door to cyberattacks and vulnerabilities that can expose users’ personal information. According to the security company ESET, if the manufacturer of the sex toy does not take steps to ensure the safety and privacy of users, the effects of an attack go beyond a possible data breach.
According to the cybersecurity firm, owners of this type of device that were not protected could not only see confidential information – like their address or sexual orientation – being exposed, but they could even face physical attacks if they did not work properly on the device .
You can also be the subject of threats and fraud from the video chat or messaging applications that these devices may contain, and sensitive photos and audiovisual documents can even be exposed if the security of the content for which these devices are not guaranteed , or your mobile phone’s applications – have access.
The security firm reached these conclusions after finding vulnerabilities in the apps that control many of the sex toys its researchers analyzed. Some make it easy to install malware on your phone or allow changes to be made to the toy. You can also change the device’s actions, which can cause physical harm to those who use it.
Among other things, ESET analyzed two toys that were connected to one another. We-Vibe ‘Jive’ and Lovense ‘Max’ their Android applications had potential bugs. The first is a hands-free vibrator that can be used outside the home and sends signals over bluetooth. These can be read by an attacker who can identify and control them from any browser if he has the necessary technical knowledge.
This vibrator is paired with a mobile phone or a PC using a very weak password: “Null”. Any cybercriminal who knows this password can access information and the device without verification. In addition, the multimedia files used during the chat sessions are stored in folders and their metadata is kept as shared files so that they can get into the hands of cyber criminals.
The second of the devices was analyzed in a male masturbator that is remotely synchronized with a device so that the cybercriminal can control both by compromising one of them. The app also makes it possible to forward images to third parties without the knowledge of the author, which increases the risk of blackmail or the distribution of personal content without the consent of the user.