Business Information Security – Cybersecurity Services

Did you know that hacking an erotic toy could be considered a crime?

Karen Corredor  // 05 July , 2018

Hacking a sex toy is possible

And nowadays, any device that has a wireless connection and an intelligent chip can be manipulated by a cyber-intruder. Because sometimes, their processors are very simple and therefore easy to spy and maneuver.

Hackear juguetes eroticos puede ser un delito

The technology evolves in giant steps and in full 2018 there are already toys with a high innovation that have connection via bluetooth or internet. This poses a risk to society, because the simpler the processor of these devices, the easier it will be to hack them and this would be the gateway to their privacy. As people outside you could intercept these types of products, steal personal information and even cause physical harm. Why? Because you could drive the toy remotely, make it work differently and create injuries in your body.

The consultancy of cybersecurity of German origin SEC Consult, has discovered and recognized the vulnerability of this type of products. A recent finding shows that Vibratissimo masturbators can easily be manipulated by third parties, without any consent on the part of the user. If so, would the cyberintruse be committing a sexual infraction?

According to criminal law professors such as: Manuel Cancio, professor at the Autonomous University of Madrid, “The crimes of the analog world can easily be transferred to the digital world,” and could be considered a sexual crime, if for example a person outside the active user and Remotely controls the device, because: “Any sexual conduct without consent constitutes a sexual violation,” explains Cancio to Teknautas, of El Confidencial. Consequently, any individual who dares to hack one of these devices, without the permission of the person who is using it, is considered an abuser and may be penalized.

Ciberseguriad R3 ibersecurity

Information theft and blackmail

According to the Panda security firm, cyber-intruders are more interested in the information they could obtain from the sex toy. The criminal just by entering the configuration of these devices, will be able to know who the user is and how often they use it. This information is enough to start a process of blackmail against the person involved.

Will the cybercriminal have access to his personal photos and videos?

Yes, you can have free access to your web cam, even if you have made use of the famous platforms that these devices have to chat and make video conference with another person. These criminals will be able to capture these images to be used as blackmail.

These cases are known as extortion, in which the cybercriminal asks for money in exchange for not publishing and making the images or videos obtained viral, thanks to his espionage.

According to an article published by antenna 3, victims are usually extorted with amounts ranging from 50 to 6,000 euros and unfortunately in Spain only one in ten crimes of this type are reported.

ataques informáticos

How has the sex toy been hacked?

According to the vulnerability report published by SEC Consult, one of the most important vulnerabilities that the vibrator had was to allow remote control of the toy over the Internet. This is due to a feature called ‘quick control’, which allows a user send a link by text or email so that his partner takes control of the vibrator.

Each link has a global counter that “only increases by one each time a new quick control link is created.” For this reason an attacker can get this ID easily and, therefore, control the sex toy of the victim directly from the Internet. In addition to this, another device failure allows Bluetooth connections without authentication, which allows nearby attackers to hack the device easily. The application also does not ask the user to confirm the remote use of the device by another person.

The PHPMyAdmin interface could be accessed through the URL with stored passwords, without any type of encryption, in clear text. You could see user names, session tokens, chat histories, among many other fields in the database.

These bugs were reported in November, and not all have been fixed. The database was subsequently secured. Although the application has been corrected, the vibrators have to be sent to the manufacturer, as there is no way to fix the security failures remotely by updating them.

Knowing this data and in a technological age like the one we live in, it is important to be aware and be cautious with our privacy.

Share it with your friends!




Meet all the professional opportunities that will allow you to achive your personal goals.

r3 cybersecurity

© R3 Cyber Security