Hackers can attack smart sex toys

Eset_News


Hackers can use smart sex toys to blackmail people. ESET researchers discover security flaws in We-Vibe "Jive" and Lovense "Max".

ESET researchers have found serious security flaws in two networked sex toys. The We-Vibe “Jive” and the Lovense “Max” have achieved high sales figures during the coronavirus pandemic, and this immense interest also attracts cyber criminals. The ESET researchers found the vulnerabilities in the apps that control the two sex toys. The flaws could allow attackers to install malware on the smartphones being used and to steal data. In addition to possible physical harm from misuse of the devices, there is a risk of being blackmailed with stolen photos, chats or other data. Both manufacturers received information about the vulnerabilities from ESET and have already closed them. The experts from the European IT security manufacturer have published their analysis in a white paper on WeLiveSecurity.

Smart sex toys

“IT security must have a high priority, especially when it comes to the development of intelligent sex toys. The possible dangers for the user are high, nobody wants to be blackmailed with intimate recordings or conversations,” explain ESET researchers Denise Giusto and Cecilia Pastorino. “With most of the current sex toys, the manufacturers have criminally neglected the safety aspect. This must urgently change as these devices continue to develop.”

Devices are attractive to criminals

With the advent of advanced models of sex toys that include apps, messaging, video chats, and web-based interconnectivity, the devices have become more and more attractive to cyber criminals and easier to exploit. Data theft in this area can be devastating to the user when information such as sexual orientation, sexual behaviors, and intimate photos are leaked. In order to protect privacy, it is therefore essential to give IT security a high priority when planning and developing these devices.

We-Vibe

ESET researchers found that the We-Vibe “Jive” constantly announces its presence and can therefore be found with a Bluetooth scanner. Potential attackers could use this to identify the device and use the signal strength to home in on the wearer. The device uses a Bluetooth Low Energy (BLE) pairing method in which the temporary key code that the devices use while the connection is being established can be changed without difficulty. As a result, any device can connect to the “Jive”, and no authentication is required. The manufacturer's official app is not needed to gain control; a browser is sufficient. This makes the device very susceptible to man-in-the-middle (MitM) attacks.

Another problem is with exchanges between users during chat sessions. The users have the option to send multimedia files. There is a risk that information about the devices used and the exact geolocation will be shared.

Lovense

The Lovense "Max" can synchronize with a distant counterpart. This means that attackers can take control of both devices even though only one has been compromised. With the Lovense device, the design of the app is a threat to user privacy. There are options for images to be forwarded to third parties without the knowledge of the owner. Likewise, deleted or blocked users still have access to the chat history and all shared multimedia content.

Again, this device does not contain authentication for BLE connections, so it can be used for MitM attacks to intercept the connection, send commands and control the motors of the device. In addition, the use of email addresses in the app's user IDs raises some privacy concerns, as the addresses are shared in clear text with all phones involved in a chat.
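The missing BLE authentication described for both the “Jive” and the “Max” shows up in how the two sides negotiate pairing. As an added example (not ESET's or either vendor's code), the sketch below parses the Security Manager pairing request and response and flags an exchange that ends in unauthenticated pairing, called "Just Works" in the Bluetooth specification; the PDU bytes are constructed samples and the function names are hypothetical.

```python
# Added example: classify a BLE pairing exchange from its two SMP PDUs.
# PDU layout and AuthReq bits are those of the Bluetooth Security Manager Protocol.
IO_CAPS = {0: "DisplayOnly", 1: "DisplayYesNo", 2: "KeyboardOnly",
           3: "NoInputNoOutput", 4: "KeyboardDisplay"}
MITM, SC = 0x04, 0x08          # AuthReq flag bits

def parse_pairing_pdu(pdu: bytes) -> dict:
    """Parse an SMP Pairing Request (0x01) or Pairing Response (0x02)."""
    if len(pdu) != 7 or pdu[0] not in (0x01, 0x02):
        raise ValueError("not an SMP pairing request/response")
    if pdu[1] not in IO_CAPS:
        raise ValueError("reserved IO capability value")
    return {"io": pdu[1], "oob": pdu[2] == 1, "mitm": bool(pdu[3] & MITM),
            "sc": bool(pdu[3] & SC), "max_key_size": pdu[4]}

def association_model(req: bytes, rsp: bytes) -> str:
    """Return the pairing method the two sides will end up using."""
    a, b = parse_pairing_pdu(req), parse_pairing_pdu(rsp)
    secure_conn = a["sc"] and b["sc"]
    # OOB: LE Secure Connections needs one side's flag, legacy pairing needs both.
    if (a["oob"] or b["oob"]) if secure_conn else (a["oob"] and b["oob"]):
        return "Out of Band"
    # Nobody asks for MitM protection, or one side has no UI: unauthenticated.
    if not (a["mitm"] or b["mitm"]) or 3 in (a["io"], b["io"]):
        return "Just Works"
    if secure_conn and {a["io"], b["io"]} <= {1, 4}:
        return "Numeric Comparison"
    if a["io"] in (2, 4) or b["io"] in (2, 4):
        return "Passkey Entry"
    return "Just Works"            # two display-only style devices

def audit(req: bytes, rsp: bytes) -> list:
    """List the findings a reviewer would raise about this pairing exchange."""
    a, b = parse_pairing_pdu(req), parse_pairing_pdu(rsp)
    model = association_model(req, rsp)
    findings = []
    if model == "Just Works":
        findings.append("unauthenticated pairing: no MitM protection")
    if not (a["sc"] and b["sc"]) and model != "Out of Band":
        findings.append("LE legacy pairing: keys recoverable by a passive sniffer")
    if min(a["max_key_size"], b["max_key_size"]) < 16:
        findings.append("encryption key shorter than 16 bytes")
    return findings

# Constructed sample PDUs (not captured from either product).
PHONE_REQ = bytes([0x01, 0x04, 0x00, 0x0D, 0x10, 0x07, 0x07])  # KeyboardDisplay, bond+MITM+SC
TOY_RSP = bytes([0x02, 0x03, 0x00, 0x01, 0x10, 0x01, 0x01])    # NoInputNoOutput, bond only
PAD_RSP = bytes([0x02, 0x04, 0x00, 0x0D, 0x10, 0x07, 0x07])    # device with a UI, bond+MITM+SC
```

`audit(PHONE_REQ, TOY_RSP)` returns two findings because a peripheral with no input or output forces unauthenticated pairing regardless of what the phone requests; such devices need authentication at the application layer instead.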

 

More on this at WeLiveSecurity at ESET.com

 


About ESET

ESET is a European company with headquarters in Bratislava (Slovakia). ESET has been developing award-winning security software since 1987 that has already helped over 100 million users enjoy secure technology. The broad portfolio of security products covers all common platforms and offers companies and consumers worldwide the perfect balance between performance and proactive protection. The company has a global sales network in over 180 countries and branches in Jena, San Diego, Singapore and Buenos Aires. For more information, visit www.eset.de or follow us on LinkedIn, Facebook and Twitter.


 
