ESET researchers investigate what could possibly go wrong when you connect your bedroom to the internet of things
As internet of things (IoT) devices continue to seep into our homes and offer an increasingly wide range of features, new concerns are beginning to arise about the security of the data processed by these devices. Although they’ve been subject to countless security breaches that led to the exposure of people’s login details, financial information and geographical location, among others, there are few kinds of data with more potential to harm users than those relating to their sexual preferences and behavior.
With new models of smart sex toys entering the market all the time, we might think that progress is being made in strengthening the mechanisms that ensure good practices in the processing of user information. However, our research revealed interesting security flaws derived from both the implementation of the apps controlling the devices and the design of these devices, affecting the storage and processing of information. Today, these findings are more relevant than ever, since we are seeing a rapid rise in sex toy sales as a reflection of the current situation around the world and social distancing measures related to COVID-19.
As is the case with any other IoT device, there are certain threats to privacy when using internet-enabled adult toys. Vulnerabilities could allow attackers to execute malicious code on the device, or to lock it preventing the user from sending any command to the toy. In fact, we have already seen real-case scenarios involving similar attacks, as digital secure smart
