Information that is processed by similar devices consists of highly sensitive data, such as user, name, sexual orientation, list of partners, personal photos and videos
According to the information portal for SECURITYLAB, the specialists of the ESET anti-virus software developer specialists reported that the recently introduced intimate toys can be overtowed by hackers.
Researcher Denise Bilic and Cecilia Pastorino demonstrated as technology like Bluetooth and unsafe
Make personal IoT devices vulnerable to attacks that go far beyond compromising user privacy.
According to experts, sex toys of the new generation are equipped with many features, such as messaging, online conference, Bluetooth and network access. It is specified that most of these devices have two communication channels. First, the connection between the toy and the user of the smartphone is installed using Bluetooth Low Energy (BLE) technology. Secondly, in order to "connect" the application and the device must be connected to the Internet. It is known that "smart" toys use servers with endpoints that handle requests.
Sometimes a cloud service acts as an intermediary between a device and a smartphone and uses features such as file transfer, video conferencing and chat, and is also able to provide the ability to remotely control.
It is specified that the information that is processed by sex toys consists of highly sensitive data, such as the user, name, sexual orientation, list of partners, personal photos and video recordings. In the event of a leak, such things can compromise the user, and this will take advantage of fraudsters and blackmail.
According to experts, intimate toys can also pose a threat to user health, for example, due to overheating. Moreover, the attackers are able to "intercept" control over the device during its work and send commands.
Denise Bilic and Cecilia pasteorino analyzed the "smart" MAX toys from Lovense companies and WE-VIBE JIVE. It turned out that both of these devices use the "Just Works" system, the least secure Bluetooth pairing method. Using the Btlejuice framework and two Ble-keys, the research has demonstrated how an attacker can take control of a sex toy and intercept control of it. It can modify commands and transmit them again to change the device settings, including vibration mode, intensity, etc..
In addition, endpoints
With the help of which a remote partner is connected, a token is used, selected by the brute force. This allows an attacker to remotely control the device waiting for connecting through active tokens, without consent or user knowledge. Earlier
"She wrote that Cyberkerspert called to urgently remove the" very dangerous "application on the phone.