Hacking a sex toy is possible. Currently, any device with wireless connection and an intelligent chip can be manipulated by a cyberintruder. Sometimes, the processors of the devices are very simple and therefore easy to spy and maneuver.
The technology evolves in giant steps and in full 2018 there are innovative connection toys via Bluetooth or internet. This is a risk for the society, because the simpler the processor is, the easier it is to hack it. Outsiders could intercept them, have access to their privacy to steal personal information and even cause physical harm. Why? Because you could drive the toy remotely, make it work differently and create injuries in your body.
The German consultancy of cybersecurity, SEC Consult , has discovered and recognized the vulnerability of sex toys. A recent finding showed that Vibratissimo masturbators are easily to be manipulated by third parties without the user’s consent. If so, would the cyberintruder be committing a sexual infraction?
According to Manuel Cancio, professor of criminal law at the Autonomous University of Madrid, “The crimes of the analog world can easily be transferred to the digital world”, and it is considered a sexual crime, that a person outside the user activates and remotely controls the device, because: “Any sexual conduct without consent constitutes a sexual offense,” explains Cancio to Teknautas, of El Confidencial. Consequently, any individual who dares to hack one of these devices, without the user’s permission, is considered an abuser and can be penalized.
Information theft and blackmail
According to the Panda security firm , cyber-intruders are more interested in the information they could obtain from the sex toy. The criminal when entering the configuration of the device, can know who the user is and the frequency of use. Enough information to start a process of blackmail against the person involved.
Will the cybercriminal have access to his personal photos and videos ?
Yes, you can have free access to your web cam, including the platforms for chatting and video conferencing.
These criminals can capture these images to use as blackmail, which is known as extortion, because the cybercriminal asks for money in exchange for not publishing and make viral the images or videos obtained, thanks to their espionage.
How has the sex toy been hacked?
According to the vulnerability report published by SEC Consult, one of the most important vulnerabilities that the vibrator has is to allow remote control of the toy over the Internet, since it has a feature called ‘quick control’, which allows you to send a link by text or email so that your partner takes control of the vibrator.
Each link has a global counter that “only increases by one each time a new quick control link is created.” For this reason, an attacker can get this ID easily and, therefore, control the sex toy of the victim directly from the Internet. In addition to this, another device failure allows Bluetooth connections without authentication, which allows nearby attackers to hack the device easily. The application also does not ask the user to confirm the remote use of the device by another person.
The PhpMyAdmin interface could be accessed through the URL http://www.vibratissimo.com/phpmyadmin with stored passwords, without any type of encryption, in clear text. You could see user names, session tokens, chat histories, among many other fields in the database.
These bugs were reported in November, and not all have been fixed yet. The database was subsequently secured. Although the application has been corrected, the vibrators must be sent to the manufacturer to fix the security flaws.
Knowing these data and in the technological age we live, it is important to be aware and cautious with your own privacy.
Karen Corredor Avila | Marketing Digital Assistant R3 CyberSecurity