{"id":12777,"date":"2016-08-15T09:00:59","date_gmt":"2016-08-15T13:00:59","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/?p=12777"},"modified":"2019-11-15T13:49:48","modified_gmt":"2019-11-15T11:49:48","slug":"insecure-vibrator","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/insecure-vibrator\/12777\/","title":{"rendered":"Vibrators hacked"},"content":{"rendered":"<p>Now that even <a href=\"https:\/\/www.kaspersky.co.za\/blog\/surviving-iot\/10480\/\" target=\"_blank\" rel=\"noopener noreferrer\">coffee machines are Wi-Fi connected<\/a>, getting to smart sex toys was only a matter of time. People actually started thinking along those lines quite a while ago: In 1975, American pioneer of information technology, philosopher, and sociologist Ted Nelson offered the world a curious new term: <a href=\"https:\/\/en.wikipedia.org\/wiki\/teledildonics\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">teledildonics<\/a>. The word denotes a technology that helps couples feel very close together no matter how far apart they are in reality.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Hackers can spy on you through your vibrator: <a href=\"https:\/\/t.co\/7m2mt8FArF\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/7m2mt8FArF<\/a> <a href=\"https:\/\/t.co\/KQN5kUT1PW\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/KQN5kUT1PW<\/a><\/p>\n<p>\u2014 The Daily Dot (@dailydot) <a href=\"https:\/\/twitter.com\/dailydot\/status\/762869147214548993?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 9, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>So, how do you make a tool as simple and efficient as a vibrator \u201cnew and improved\u201d? Cool features from the gadget world, of course. Today, people can buy sex toys that <a href=\"http:\/\/www.techinsider.io\/smart-vibrator-ces-2016-1\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">synchronize with erotic e-books<\/a>, toys with <a href=\"http:\/\/we-vibe.com\/we-vibe-4-plus\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">remote-control features<\/a>, even ones equipped with a <a href=\"http:\/\/www.independent.co.uk\/news\/weird-news\/the-sex-selfie-stick-lets-you-facetime-the-inside-of-a-vagina-10080436.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">built-in selfie camera<\/a> \u2026 and, well, a lot of other interesting devices.<\/p>\n<p>There are also vibrators for couples: For example, the <a href=\"https:\/\/kasperskydaily.com\/usa\/dangerous-usb\/7487\/\" target=\"_blank\" rel=\"noopener noreferrer\">We-Vibe 4 Plus<\/a> has been on the market for two years \u2014 although it became newsworthy quite recently. This is the tale of developers of very intimate goods who do not value the privacy of their customers.<\/p>\n<h3>What happened?<\/h3>\n<p>The company that produces the We-Vibe 4 Plus is called Standard Innovation. It claims the device is the number one couples\u2019 vibrator in the world. In comparison to the base model, the We-Vibe 4, the Plus version supports remote control through a mobile app that can be installed on the phones of both partners. Users can create \u201cplaylists\u201d \u2014 basically, sequences involving vibration intensity and frequency.<\/p>\n<p>All well and good, so far. But the devil is in the details: The same app that keeps a diary of your sex life also shares that intimate data with the developer.<\/p>\n<p>Two New Zealand hackers called <a href=\"https:\/\/twitter.com\/g0ldfisk\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">@goldfisk<\/a> and <a href=\"https:\/\/twitter.com\/rancidbacon\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">@rancidbacon<\/a> researched the device and presented their findings at the DEF CON 2016 conference in Las Vegas. They had discovered vulnerabilities in the app. Among other things, criminals can hack it to activate the vibrator. That may not sound as dangerous as hacking a <a href=\"https:\/\/www.kaspersky.co.za\/blog\/hacking-chemical-plant\/9603\/\" target=\"_blank\" rel=\"noopener noreferrer\">chemical plant<\/a> or a <a href=\"https:\/\/www.kaspersky.co.za\/blog\/stuxnet-victims-zero\/6775\/\" target=\"_blank\" rel=\"noopener noreferrer\">nuclear power station<\/a>, but it\u2019s still fairly horrifying to contemplate.<\/p>\n<p>\u201cUnwanted activation of a vibrator is potentially sexual assault\u201d \u2014 @RancidBacon, at DEF CON.<\/p>\n<p>Just think: Two million people own We-Vibe 4 Plus devices, and every one of them is at risk.<\/p>\n<p>The hack is still only a theory. But the developer gathering data about device temperature and difference in vibration \u2014 that\u2019s really happening. As a result, the company\u2019s employees can easily discern when and how often people use their vibrators, and even which modes they prefer \u2014 the widely advertised \u201cecho,\u201d the \u201ccha-cha-cha,\u201d or a personalized playlist.<\/p>\n<p>Standard Innovation president Frank Ferrari <a href=\"http:\/\/fusion.net\/story\/334603\/sex-toy-we-vibe-privacy\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">told Fusion<\/a> that the company collects data to improve their devices and understand how people use them. So: For two years, We-Vibe 4 Plus users unwittingly took part in a kind of erotic show for a narrow circle of people \u2014 Standard Innovation employees.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">We Vibe is collecting realtime about vibrator intensity by JSON callbacks to the server <a href=\"https:\/\/twitter.com\/hashtag\/defcon?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#defcon<\/a> <a href=\"https:\/\/t.co\/XJU4NQPbrg\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/XJU4NQPbrg<\/a><\/p>\n<p>\u2014 0x0i5 (@0x0i5) <a href=\"https:\/\/twitter.com\/0x0i5\/status\/761701094086934529?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 5, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>The We-Connect terms and conditions are rather vague and do not explain which data the app collects and for what purpose. At the same time, the company reserves the right to share this information with law enforcement if it is requested. This point is a very big deal: In some countries <a href=\"https:\/\/www.theguardian.com\/lifeandstyle\/blog\/2013\/sep\/19\/masturbation-laws-world-penal-code\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">self-pleasure is illegal<\/a>. <\/p>\n<h3>Tips and conclusions<\/h3>\n<p>The Internet-of-Things in general and teledildonics in particular is a very young industry. Developers of smart devices emphasize \u201ccool new features,\u201d often leaving users\u2019 security fairly far down the list of priorities. That\u2019s why we recommend caution when buying smart devices \u2014 and especially when it comes to sex toys. Does your vibrator really need to be connected to the Internet?<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Why connected #vibrators are bad<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2For6u&amp;text=Why+connected+%23vibrators+are+bad\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>If not, buy a different kind. But if you\u2019ve already joined the ranks of \u201clucky\u201d We-Vibe 4 Plus owners, you don\u2019t have to trash it just because the developer overindulges. Instead, you can turn on your phone\u2019s airplane mode when you use the toy \u2014 though you\u2019ll have to forgo the remote control.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, it seems <i>everything<\/i> can be hacked. Even your vibrator. This is the tale of developers of very intimate goods who do not value the privacy of their clients.<\/p>\n","protected":false},"author":522,"featured_media":12778,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2670],"tags":[1782,1770,899,658,794,43,1769,1771],"class_list":{"0":"post-12777","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-blackhat16","10":"tag-def-con-2016","11":"tag-hack","12":"tag-internet-of-things","13":"tag-iot","14":"tag-privacy","15":"tag-sex","16":"tag-vibrator"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/insecure-vibrator\/12777\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/insecure-vibrator\/7518\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/insecure-vibrator\/7544\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/insecure-vibrator\/7522\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/insecure-vibrator\/8946\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/insecure-vibrator\/8777\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/insecure-vibrator\/12771\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/insecure-vibrator\/12777\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/insecure-vibrator\/5980\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/insecure-vibrator\/6472\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/insecure-vibrator\/5264\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/insecure-vibrator\/8467\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/insecure-vibrator\/12287\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/insecure-vibrator\/12771\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/insecure-vibrator\/12777\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/blackhat16\/","name":"blackhat16"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/12777","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=12777"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/12777\/revisions"}],"predecessor-version":[{"id":24306,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/12777\/revisions\/24306"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/12778"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=12777"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=12777"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=12777"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}