Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday October 08 2017, @10:22AM   Printer-friendly
from the insert-witty-something-here dept.

Submitted via IRC for TheMightyBuzzard

At this point we've pretty well documented how the "internet of things" is a privacy and security dumpster fire. Whether it's tea kettles that expose your WiFi credentials or smart fridges that leak your Gmail password, companies were so busy trying to make a buck by embedding network chipsets into everything, they couldn't be bothered to adhere to even the most modest security and privacy guidelines. As a result, billions upon billions of devices are now being connected to the internet with little to no meaningful security and a total disregard to user privacy -- posing a potentially fatal threat to us all.

Unsurprisingly, the sex toy division of the internet of broken things is no exception to this rule. One "smart dildo" manufacturer was recently forced to shell out $3.75 million after it was caught collecting, err, "usage habits" of the company's customers. According to the lawsuit, Standard Innovation's We-Vibe vibrator collected sensitive data about customer usage, including "selected vibration settings," the device's battery life, and even the vibrator's "temperature." At no point did the company apparently think it was a good idea to clearly inform users of this data collection.

Source: https://www.techdirt.com/articles/20171003/13375238336/sex-toys-are-just-as-poorly-secured-as-rest-internet-broken-things.shtml


Original Submission

Related Stories

IoT Sex Toy Control App Records Audio Without Couple's Knowledge 44 comments

Connected sex toys recorded intimate sessions without consent

Days ago, a Redditor discovered that their Lovense remote control app was unknowingly recording audio of a six-minute intimate session between the user and their significant other. It happened while they used the app to control the Lovense vibrator it's paired with, and it saved the recording to a local file buried in the phone's media storage. Another commenter, claiming to be a Lovense representative, said these recordings are the result of a "minor software bug."

Lovense: "Use teledildonics to improve your sex life!"

Previously: Vibrator Maker Pays $3.75 Million Settlement Over Data Collection
Pornhub's Newest Videos Can Reach Out and Touch You
Sex Toys Are Just as Poorly-Secured as the Rest of the Internet of Broken Things


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 0, Informative) by Anonymous Coward on Sunday October 08 2017, @11:03AM (6 children)

    by Anonymous Coward on Sunday October 08 2017, @11:03AM (#578838)
    • (Score: 2) by The Mighty Buzzard on Sunday October 08 2017, @11:20AM (3 children)

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday October 08 2017, @11:20AM (#578845) Homepage Journal

      You're unable to tell the difference between the three stories? You really should do more than skim the headline.

      --
      My rights don't end where your fear begins.
      • (Score: 4, Informative) by Anonymous Coward on Sunday October 08 2017, @11:46AM (2 children)

        by Anonymous Coward on Sunday October 08 2017, @11:46AM (#578851)

        That's what the summary is for. This one, unfortunately, doesn't give any indication that there's any news here. The first story says We-Vibe's manufacturer tracked customers without telling them. The second story says the manufacturer got sued and settled for $3.75 million. The third story, judging by the summary, says We-Vibe's manufacturer tracked customers without telling them, got sued, and settled for $3.75 million—all of which we knew. It's no surprise it's shite, since no one bothered to write a summary, but simply cribbed the beginning of the article.

        • (Score: 3, Informative) by The Mighty Buzzard on Sunday October 08 2017, @11:53AM

          by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday October 08 2017, @11:53AM (#578853) Homepage Journal

          Fair nuff. The third paragraph on the FA is where you start finding what the story's actually about and the eds didn't include it in the summary.

          --
          My rights don't end where your fear begins.
        • (Score: 3, Informative) by NotSanguine on Sunday October 08 2017, @10:14PM

          by NotSanguine (285) <NotSanguineNO@SPAMSoylentNews.Org> on Sunday October 08 2017, @10:14PM (#579002) Homepage Journal

          From TFA:

          But security is also lacking elsewhere in the world of internet-connected sex toys. Alex Lomas of Pentest Partners recently took a look at the security in many internet-connected sex toys, and walked away arguably unimpressed. Using a Bluetooth "dongle" and antenna, Lomas drove around Berlin looking for openly accessible sex toys (he calls it "screwdriving," in a riff off of wardriving). He subsequently found it's relatively trivial to discover and hijack everything from vibrators to smart butt plugs -- thanks to the way Bluetooth Low Energy (BLE) connectivity works:

          "The only protection you have is that BLE devices will generally only pair with one device at a time, but range is limited and if the user walks out of range of their smartphone or the phone battery dies, the adult toy will become available for others to connect to without any authentication. I should say at this point that this is purely passive reconnaissance based on the BLE advertisements the device sends out – attempting to connect to the device and actually control it without consent is not something I or you should do. But now one could drive the Hush’s motor to full speed, and as long as the attacker remains connected over BLE and not the victim, there is no way they can stop the vibrations."

          --
          No, no, you're not thinking; you're just being logical. --Niels Bohr
    • (Score: 2) by fyngyrz on Sunday October 08 2017, @04:11PM (1 child)

      by fyngyrz (6567) on Sunday October 08 2017, @04:11PM (#578899) Journal

      I came here to say that if your sex toy is not well secured, you should probably obtain a better fitting one.

      Just thought I'd fill you all in on my thoughts on the matter.

      • (Score: 5, Funny) by MostCynical on Sunday October 08 2017, @08:47PM

        by MostCynical (2589) on Sunday October 08 2017, @08:47PM (#578969) Journal

        Matching thread pitch to nuts is never easy.

        --
        "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
  • (Score: 5, Insightful) by Runaway1956 on Sunday October 08 2017, @11:15AM (6 children)

    by Runaway1956 (2926) Subscriber Badge on Sunday October 08 2017, @11:15AM (#578844) Journal

    It's silly to point at any type or class of device, when the entire concept of "internet of things" is broken. The concept is, "Let's spy on our customers, so that we can figure out how to exploit those customers better." It's simply a broken concept.

    It's past time that we wise up, stand up, and "Just say NO" to these assholes.

    No, I don't want your dildo spying in my bedroom, your washer spying in the washroom, your baby sitter spying in the nursery, or even your refrigerator spying in the kitchen. All of us need to insist on appliances WITHOUT any spy features.

    • (Score: 4, Touché) by maxwell demon on Sunday October 08 2017, @11:34AM (2 children)

      by maxwell demon (1608) on Sunday October 08 2017, @11:34AM (#578848) Journal

      The concept is, "Let's spy on our customers, so that we can figure out how to exploit those customers better."

      Didn't you get the memo? You are supposed to use the term "how to serve those customers better." And of course never explicitly state that they are served to the investors.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 5, Funny) by istartedi on Sunday October 08 2017, @08:10PM

        by istartedi (123) on Sunday October 08 2017, @08:10PM (#578954) Journal

        We've translated the book. "To serve customers". IT'S A COOKBOOK!

        --
        Appended to the end of comments you post. Max: 120 chars.
      • (Score: 0) by Anonymous Coward on Sunday October 08 2017, @11:42PM

        by Anonymous Coward on Sunday October 08 2017, @11:42PM (#579030)

        > "how to serve those customers better."

        It won't take long to get to: "Share and Enjoy", the theme song of the Sirius Cybernetics Corporation, eventually first against the wall when the revolution came.

    • (Score: 2) by sgleysti on Sunday October 08 2017, @02:59PM

      by sgleysti (56) Subscriber Badge on Sunday October 08 2017, @02:59PM (#578888)

      Exactly. Here's a post to that effect from the originator of the @internetofshit twitter account:

      https://internetofshit.net/the-internet-of-things-has-a-dirty-little-secret-28bce2d412b2 [internetofshit.net]

    • (Score: 1, Informative) by Anonymous Coward on Sunday October 08 2017, @06:40PM

      by Anonymous Coward on Sunday October 08 2017, @06:40PM (#578926)

      All of IoT is nothing but sex toys.

    • (Score: 2) by TheRaven on Monday October 09 2017, @09:02AM

      by TheRaven (270) on Monday October 09 2017, @09:02AM (#579203) Journal

      IoT is the latest buzzword for the same concept that was Ubiquitous Computing (ubicomp) a decade ago and has had many other names. The basic idea isn't too bad: devices exchanging data can optimise for local conditions better. It's quite hard to see the benefit of a networked sex toy, but maybe you'd want your phone and doorbell to go on silent mode while it is in use (and maybe the volume on the music to turn up, if you have thin walls).

      The problem is that most of the companies involved have neither any idea how to build secure networked devices, nor any real idea of why anyone would want one.

      --
      sudo mod me up
  • (Score: 5, Insightful) by maxwell demon on Sunday October 08 2017, @11:39AM (9 children)

    by maxwell demon (1608) on Sunday October 08 2017, @11:39AM (#578850) Journal

    That's not an example of broken security. Broken security would mean a data leak not intended by the manufacturer.

    This is a data leak intended by the manufacturer. In other words, a privacy violation.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 5, Informative) by The Mighty Buzzard on Sunday October 08 2017, @11:51AM (8 children)

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday October 08 2017, @11:51AM (#578852) Homepage Journal

      Yeah, you gotta RTFA to see the broken security.

      But security is also lacking elsewhere in the world of internet-connected sex toys. Alex Lomas of Pentest Partners recently took a look at the security in many internet-connected sex toys [pentestpartners.com], and walked away arguably unimpressed. Using a Bluetooth "dongle" and antenna, Lomas drove around Berlin looking for openly accessible sex toys (he calls it "screwdriving," in a riff off of wardriving). He subsequently found it's relatively trivial to discover and hijack everything from vibrators to smart butt plugs -- thanks to the way Bluetooth Low Energy (BLE) connectivity works:

      "The only protection you have is that BLE devices will generally only pair with one device at a time, but range is limited and if the user walks out of range of their smartphone or the phone battery dies, the adult toy will become available for others to connect to without any authentication. I should say at this point that this is purely passive reconnaissance based on the BLE advertisements the device sends out – attempting to connect to the device and actually control it without consent is not something I or you should do. But now one could drive the Hush’s motor to full speed, and as long as the attacker remains connected over BLE and not the victim, there is no way they can stop the vibrations."

      --
      My rights don't end where your fear begins.
      • (Score: 2) by maxwell demon on Sunday October 08 2017, @12:06PM (5 children)

        by maxwell demon (1608) on Sunday October 08 2017, @12:06PM (#578855) Journal

        Which means the quote from the summary was poorly selected.

        --
        The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 4, Informative) by The Mighty Buzzard on Sunday October 08 2017, @12:12PM (4 children)

          by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday October 08 2017, @12:12PM (#578857) Homepage Journal

          Indeed. I take part of the blame for being a lazyass and using my IRC bot to do the submission (only includes who subbed it, a title, a very brief summary, and a link to TFA) but I'm happy to share some of the blame with Fnord666 as well.

          --
          My rights don't end where your fear begins.
          • (Score: 2) by Fnord666 on Sunday October 08 2017, @04:39PM (3 children)

            by Fnord666 (652) on Sunday October 08 2017, @04:39PM (#578904) Homepage

            Indeed. I take part of the blame for being a lazyass and using my IRC bot to do the submission (only includes who subbed it, a title, a very brief summary, and a link to TFA) but I'm happy to share some of the blame with Fnord666 as well.

            Mea Culpa. I failed you all on this one and I apologize. It's on me to learn from this and do better.

            • (Score: 2) by The Mighty Buzzard on Sunday October 08 2017, @06:29PM (2 children)

              by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday October 08 2017, @06:29PM (#578923) Homepage Journal

              Okay, no floggings this time but don't let it happen again.

              --
              My rights don't end where your fear begins.
              • (Score: 3, Funny) by Anonymous Coward on Sunday October 08 2017, @07:10PM (1 child)

                by Anonymous Coward on Sunday October 08 2017, @07:10PM (#578934)

                No! NO! WE MUST HAV ZEE FLOGGINGS!

                • (Score: 4, Touché) by c0lo on Sunday October 08 2017, @09:45PM

                  by c0lo (156) Subscriber Badge on Sunday October 08 2017, @09:45PM (#578994) Journal

                  I see. You paid for a SM session.
                  Apologies for the mix-up. Does it include bondage as well?

                  --
                  https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 3, Touché) by Anonymous Coward on Sunday October 08 2017, @01:35PM (1 child)

        by Anonymous Coward on Sunday October 08 2017, @01:35PM (#578869)

        Are we sure that's a bug and not a feature? I'm pretty sure there are those who'd get off on turning over control to whoever finds the connection.

        • (Score: 1, Informative) by Anonymous Coward on Sunday October 08 2017, @06:00PM

          by Anonymous Coward on Sunday October 08 2017, @06:00PM (#578917)

          In this instance perhaps. But if one can force a BLE device to drop pairing, they are apparently free game (unless that is a poor implementation of the BLE spec, not sure).

          And BLE shows up in more than sex toys. Think all kinds of medical devices, devices that do more than passively monitor ones vital signs...

  • (Score: 3, Funny) by Thexalon on Sunday October 08 2017, @12:09PM (5 children)

    by Thexalon (636) on Sunday October 08 2017, @12:09PM (#578856)

    It would be really fun to learn if any of our politicians are wearing a butt-plug while they're making legislation.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 4, Funny) by The Mighty Buzzard on Sunday October 08 2017, @02:59PM (4 children)

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday October 08 2017, @02:59PM (#578887) Homepage Journal

      Wouldn't that be recursion? A buttplug wearing a buttplug?

      --
      My rights don't end where your fear begins.
      • (Score: 3, Funny) by Gaaark on Sunday October 08 2017, @03:45PM

        by Gaaark (41) on Sunday October 08 2017, @03:45PM (#578896) Journal

        Hillary wipes hers with a cloth!
        XD

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
      • (Score: 5, Funny) by Thexalon on Sunday October 08 2017, @05:55PM (2 children)

        by Thexalon (636) on Sunday October 08 2017, @05:55PM (#578916)

        Stop insulting buttplugs by equating them to politicians, you insensitive clod!

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.
        • (Score: 2, Insightful) by Anonymous Coward on Sunday October 08 2017, @07:12PM (1 child)

          by Anonymous Coward on Sunday October 08 2017, @07:12PM (#578936)

          Stop insulting buttplugs by equating them to politicians, you insensitive clod!

          Yeah! Buttplugs have the common decency to hold shit back, rather than spewing it around at every conceivable opportunity!

          • (Score: 2) by rylyeh on Monday October 09 2017, @03:59AM

            by rylyeh (6726) <{kadath} {at} {gmail.com}> on Monday October 09 2017, @03:59AM (#579111)

            The best Buttplugs are Trans-Parent, of course. - Get it? Trans-Parent! HAHAHA!

            Ya, I'd better stop there...

            --
            "a vast crenulate shell wherein rode the grey and awful form of primal Nodens, Lord of the Great Abyss."
  • (Score: 3, Interesting) by Snotnose on Sunday October 08 2017, @12:30PM

    by Snotnose (1623) on Sunday October 08 2017, @12:30PM (#578858)

    Seems wandering around looking for these things has a name. screwdriving [arstechnica.com]

    --
    Why shouldn't we judge a book by it's cover? It's got the author, title, and a summary of what the book's about.
  • (Score: 3, Insightful) by looorg on Sunday October 08 2017, @12:41PM

    by looorg (578) on Sunday October 08 2017, @12:41PM (#578862)

    The whole story just reeks of innuendo. The "Dongle" sounds like one of them scarey looking dildos. "Screwdriving" in Berlin, that shouldn't come as a surprise to anyone. I guess it could also be an indicator of that owning a dildo or two or an entire chest full just got a whole lot more common. What is perhaps surprising then is how they have all been upgraded to be "online". I guess it's just so cheap to just insert that piece of hardware it is not even an issue anymore. With that in mind and considering how shit IoT-security in general why would they invest heavily, or do anything different with or, in Dildo-security? Also as noted by the first AC comment this topic seemed all to familiar.

    That said tho I'm not beyond admitting that I did giggle a little that it was MrPlow that submitted the story ... (Sure we could just claim it's from the Simpsons but it could also be the least subtle p0rn-name ever).

  • (Score: 2, Funny) by Anonymous Coward on Sunday October 08 2017, @01:18PM (1 child)

    by Anonymous Coward on Sunday October 08 2017, @01:18PM (#578867)

    "Bluetooth dongle?" Kwoo kwoo, fnarr fnarr, k'snuck chortle!

    • (Score: 2) by Gaaark on Sunday October 08 2017, @03:46PM

      by Gaaark (41) on Sunday October 08 2017, @03:46PM (#578897) Journal

      Dey terk muh dildo!

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
  • (Score: 2) by Joe Desertrat on Sunday October 08 2017, @09:44PM (3 children)

    by Joe Desertrat (2454) on Sunday October 08 2017, @09:44PM (#578993)

    I don't feel like looking them up so I can only imagine a dildo controlled from a smart phone so she can keep texting her friends while she's screwing herself.

    • (Score: 2) by c0lo on Sunday October 08 2017, @09:50PM (2 children)

      by c0lo (156) Subscriber Badge on Sunday October 08 2017, @09:50PM (#578996) Journal

      I imagine it could add a new interactive dimension to webcam porn.

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 0) by Anonymous Coward on Sunday October 08 2017, @11:50PM (1 child)

        by Anonymous Coward on Sunday October 08 2017, @11:50PM (#579033)

        Yes, there's a name for this, I heard it first in the early 1980s... teledildonics for the win.

        • (Score: 2) by rylyeh on Monday October 09 2017, @03:56AM

          by rylyeh (6726) <{kadath} {at} {gmail.com}> on Monday October 09 2017, @03:56AM (#579110)

          Ha!

          --
          "a vast crenulate shell wherein rode the grey and awful form of primal Nodens, Lord of the Great Abyss."
(1)