It’s all fun and games in the Internet of Things until your vibrator gets hacked.
On Friday, two hackers at the Def Con hacking conference in Las Vegas proved the wonderfully-named world of “teledildonics” will be just as vulnerable to unfriendly intrusions and data-mining as everything else.
The We-Vibe 4 Plus calls itself the “No. 1 couples vibrator.” Among its special features is the ability for remote use. Combined with the We-Connect iOS and Android app, the vibrator can be controlled by a partner from the other side of the world, using Wi-Fi or a mobile data connection.
It hardly needs to be said anymore, but if it’s online, it can be hacked. And if it’s online, it’s also probably collecting data.
According to the Guardian, the two Kiwi hackers, who go by the names Goldfisk and Follower, suggested it would be relatively simple to remotely seize and control the We-Vibe 4 Plus via its internet connectivity. “The Internet of Things is filled with vulnerabilities, would you expect the Internet of Vibrating Things to be any different?” they asked in the description for their presentation, Breaking The Internet of Vibrating Things.
“A lot of people in the past have said it’s not really a serious issue,” Follower said during the talk. “But if you come back to the fact that we’re talking about people, unwanted activation of a vibrator is potentially sexual assault.”
There’s not just the possibility of unfriendly, third party control. The hackers also found the toys send sensitive information such as device temperature and vibration intensity back to the developer, Standard Innovation.
While the company defended its data collection policy to the Guardian, saying it was disclosed in its user agreement and privacy policy, Goldfisk still queried to whom Standard Innovation could give that data.
“In their privacy policy, they say ‘we reserve the right to disclose your personally identifiable information if required to by law,’ but what does that actually mean?” he asked. Unless you are extremely open about your sex life, and more power to you, the idea of being spied on in your most intimate moments is definitely a buzzkill.
The app’s licence agreement simply says it may collect and share your information in line with its privacy statement, which is rather thin on detail. Standard Innovation has been contacted by Mashable for more information about their security and privacy policy.
In a promising move, the hackers also called for device manufacturers to sign up to a Private Play Accord, which aims to encourage companies to adopt minimum privacy and security standards.
Mashable has also reached out to Goldfisk and Follower for details about the Accord.
If you’re worried, best to keep your sex toys internet free.