Great. Now Your Sex Toy Is Spying on You Too.

Connected vibrators are vulnerable to hacking

August 12, 2016 9:00 am

Big Brother has breached the bedroom.

First, it was our bank accounts, our email accounts, our credit cards. Our health is being monitored. Not to mention our location, our favorite search terms and our preference in porn. Our cars are being hacked and stolen, and our connected homes are vulnerable. Perhaps it’s no surprise that our sex toys can now be penetrated.

In a recent presentation entitled “Breaking the Internet of Vibrating Things” at Def Con, two hackers named Goldfisk and Follower have raised serious concern over the vulnerabilities of the popular couple-oriented sex toy We-Vibe 4 Plus, allowing couples to “connect” with one another when they are apart via a toy and app combo. Per the description of the presentation: “As teledildonics come into the mainstream, human sexual pleasure has become connected with the concerns of privacy and security already familiar to those who previously only wanted to turn on their lights, rather than their lover.”

The hackers showed that parent company Standard Innovation was collecting data from the app including sensitive information such as the device’s temperature and vibration. In a response statement, Standard Innovation president Frank Ferrari said that the temperature data collected is not precise enough to know how it is being used by the user, and went on to say, “Our reason for collecting CPU temperature data is purely for hardware diagnostic purposes.”

Goldfisk points out, however, that “in their privacy policy, [Standard Innovation says] ‘we reserve the right to disclose your personally identifiable information if required to by law,’ but what does that actually mean?” The implications of data-collection, while seemingly harmless according to Ferrari, inevitably raise serious privacy concerns.

Oh, and it gets worse.

After all, if something is on the internet, it can be hacked. Period. In this case, then, a code-savvy third party could essentially know when you were using your toy, for how long and how “intensely.” That is do you prefer the pulse setting or the cha-cha-cha? They could also, if so perversely inclined, even take over control of the device without the user being aware. 

The hackers said their goal was to urge Standard Innovation to institute better privacy safeguards for users. They announced the launch of something called the Private Play Accord, which would aid in the transparency of data collection and protect the privacy of such devices. 

Meanwhile, next time you’re considering a long-distance boink session, you might want to play it safe and use an old-fashioned cell phone. Oh, wait…

Via The Guardian

The InsideHook Newsletter.

News, advice and insights for the most interesting person in the room.