Two researchers from the ESET company, specializing in security, have just published a report which shows that connected sex toys are objects that present a serious risk of piracy.
Cecilia Pastorino and Denise Giusto Bilić have set their sights on two devices that are currently selling particularly well: the vibrating egg We-Vibe Jive, and the Lovesense Max masturbation tube. They discovered many flaws and sent their report to the manufacturers to correct them, which luckily was done.
Connected sex toys often use the same architecture that includes a connection Bluetooth Low Energy (BLE) with the smartphone and the use of an application that connects to a server in the cloud.
The connection to the Internet can also be used to communicate the user’s smartphone with that of his / her partner, who will have installed the same app.
The two sex toys in the study use a Bluetooth Low Energy (BLE) connection and are therefore easily detectable by a scanner. Alas, they use the pairing method “Just Works” which is the least secure, because it uses a temporary key set to 0. A hacker can therefore easily connect to the device during the pairing phase by sending 0 as a temporary key (attack type man-in-the-middle). It can even then force the user’s pairing with a dummy device that can capture all information and commands.
Then, the two researchers found flaws in the applications of the two objects. For example, that of Lovesense has a remote control function with a web browser. For identification, it goes through a token four alphanumeric characters, which is insufficient to combat a brute force attack.
Additionally, Lovesense’s app poses privacy concerns by not encrypting end-to-end transactions, storing email addresses in the clear, not erasing messages from the remote phone when requested to delete. and not disabling screenshots.
To hammer home the point, updating the firmware is not secure enough and a hacker could cause a bogus firmware update to download.
Also to discover in video:
The We-Connect application is also not exempt from criticism: certain sensitive metadata is not deleted during communication between two partners via the app, while the PIN code has four digits which secures access to the app. The application can be easily forced by using a BadUSB type attack.
This is not the first time that connected sex toys have been singled out for their lack of security. Last year, a hacker managed to take control of a male chastity belt, in order to demand a ransom to free its victims.
Source : ESET