Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Sunday October 08 2017, @10:22AM   Printer-friendly
from the insert-witty-something-here dept.

Submitted via IRC for TheMightyBuzzard

At this point we've pretty well documented how the "internet of things" is a privacy and security dumpster fire. Whether it's tea kettles that expose your WiFi credentials or smart fridges that leak your Gmail password, companies were so busy trying to make a buck by embedding network chipsets into everything, they couldn't be bothered to adhere to even the most modest security and privacy guidelines. As a result, billions upon billions of devices are now being connected to the internet with little to no meaningful security and a total disregard to user privacy -- posing a potentially fatal threat to us all.

Unsurprisingly, the sex toy division of the internet of broken things is no exception to this rule. One "smart dildo" manufacturer was recently forced to shell out $3.75 million after it was caught collecting, err, "usage habits" of the company's customers. According to the lawsuit, Standard Innovation's We-Vibe vibrator collected sensitive data about customer usage, including "selected vibration settings," the device's battery life, and even the vibrator's "temperature." At no point did the company apparently think it was a good idea to clearly inform users of this data collection.

Source: https://www.techdirt.com/articles/20171003/13375238336/sex-toys-are-just-as-poorly-secured-as-rest-internet-broken-things.shtml


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by maxwell demon on Sunday October 08 2017, @11:39AM (9 children)

    by maxwell demon (1608) on Sunday October 08 2017, @11:39AM (#578850) Journal

    That's not an example of broken security. Broken security would mean a data leak not intended by the manufacturer.

    This is a data leak intended by the manufacturer. In other words, a privacy violation.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    Starting Score:    1  point
    Moderation   +3  
       Insightful=3, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 5, Informative) by The Mighty Buzzard on Sunday October 08 2017, @11:51AM (8 children)

    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday October 08 2017, @11:51AM (#578852) Homepage Journal

    Yeah, you gotta RTFA to see the broken security.

    But security is also lacking elsewhere in the world of internet-connected sex toys. Alex Lomas of Pentest Partners recently took a look at the security in many internet-connected sex toys [pentestpartners.com], and walked away arguably unimpressed. Using a Bluetooth "dongle" and antenna, Lomas drove around Berlin looking for openly accessible sex toys (he calls it "screwdriving," in a riff off of wardriving). He subsequently found it's relatively trivial to discover and hijack everything from vibrators to smart butt plugs -- thanks to the way Bluetooth Low Energy (BLE) connectivity works:

    "The only protection you have is that BLE devices will generally only pair with one device at a time, but range is limited and if the user walks out of range of their smartphone or the phone battery dies, the adult toy will become available for others to connect to without any authentication. I should say at this point that this is purely passive reconnaissance based on the BLE advertisements the device sends out – attempting to connect to the device and actually control it without consent is not something I or you should do. But now one could drive the Hush’s motor to full speed, and as long as the attacker remains connected over BLE and not the victim, there is no way they can stop the vibrations."

    --
    My rights don't end where your fear begins.
    • (Score: 2) by maxwell demon on Sunday October 08 2017, @12:06PM (5 children)

      by maxwell demon (1608) on Sunday October 08 2017, @12:06PM (#578855) Journal

      Which means the quote from the summary was poorly selected.

      --
      The Tao of math: The numbers you can count are not the real numbers.
      • (Score: 4, Informative) by The Mighty Buzzard on Sunday October 08 2017, @12:12PM (4 children)

        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday October 08 2017, @12:12PM (#578857) Homepage Journal

        Indeed. I take part of the blame for being a lazyass and using my IRC bot to do the submission (only includes who subbed it, a title, a very brief summary, and a link to TFA) but I'm happy to share some of the blame with Fnord666 as well.

        --
        My rights don't end where your fear begins.
        • (Score: 2) by Fnord666 on Sunday October 08 2017, @04:39PM (3 children)

          by Fnord666 (652) on Sunday October 08 2017, @04:39PM (#578904) Homepage

          Indeed. I take part of the blame for being a lazyass and using my IRC bot to do the submission (only includes who subbed it, a title, a very brief summary, and a link to TFA) but I'm happy to share some of the blame with Fnord666 as well.

          Mea Culpa. I failed you all on this one and I apologize. It's on me to learn from this and do better.

          • (Score: 2) by The Mighty Buzzard on Sunday October 08 2017, @06:29PM (2 children)

            by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Sunday October 08 2017, @06:29PM (#578923) Homepage Journal

            Okay, no floggings this time but don't let it happen again.

            --
            My rights don't end where your fear begins.
            • (Score: 3, Funny) by Anonymous Coward on Sunday October 08 2017, @07:10PM (1 child)

              by Anonymous Coward on Sunday October 08 2017, @07:10PM (#578934)

              No! NO! WE MUST HAV ZEE FLOGGINGS!

              • (Score: 4, Touché) by c0lo on Sunday October 08 2017, @09:45PM

                by c0lo (156) Subscriber Badge on Sunday October 08 2017, @09:45PM (#578994) Journal

                I see. You paid for a SM session.
                Apologies for the mix-up. Does it include bondage as well?

                --
                https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 3, Touché) by Anonymous Coward on Sunday October 08 2017, @01:35PM (1 child)

      by Anonymous Coward on Sunday October 08 2017, @01:35PM (#578869)

      Are we sure that's a bug and not a feature? I'm pretty sure there are those who'd get off on turning over control to whoever finds the connection.

      • (Score: 1, Informative) by Anonymous Coward on Sunday October 08 2017, @06:00PM

        by Anonymous Coward on Sunday October 08 2017, @06:00PM (#578917)

        In this instance perhaps. But if one can force a BLE device to drop pairing, they are apparently free game (unless that is a poor implementation of the BLE spec, not sure).

        And BLE shows up in more than sex toys. Think all kinds of medical devices, devices that do more than passively monitor ones vital signs...