Spy in the bedroom: experts warned about the risks of "smart" sex toys

Smart sex toys that are controlled from smartphones can carry serious risks of intimate data leakage. As experts explained to Izvestia, companion apps for such devices collect extremely sensitive information, including details of sexual behavior. In case of leaks, this information may end up in the hands of intruders. For more information about the risks of smart sex toys, how cybercriminals can exploit vulnerabilities in their software, and how to protect themselves from such threats, see the Izvestia article.

What is known about the risks of smart sex toys

The fact that "smart" sex toys with applications can carry serious risks of intimate data leakage was reported in December by Wired. Journalists, citing analysts, noted that companion applications for such devices collect extremely sensitive information, including details of sexual behavior, frequency of use, intensity settings, as well as data on geolocation and IP addresses of users.

According to digital privacy expert Ray Walsh, if the remote control function is used, connected gadgets can also collect data about a partner. At the same time, most manufacturers of "smart" sex toys claim that information is being collected only to improve products and target advertising.

Photo: Getty Images/PonyWang

However, the collected information can be either resold to third parties or end up in the hands of intruders in the event of a data leak, experts Chris Hawke and Paul Bischoff warned.

Wired recalled the scandal of 2015, which centered on the Siime Eye vibrator from Svakom. The camera device had a standard eight-figure-eight password, which was publicly available in the instructions. As a result, any user in the Wi-Fi coverage area could connect to the broadcast — later the Siime Eye model was discontinued.

And the password is naked: who is not allowed to post explicit photos on social networks

A clinical psychologist told how intimate images of teachers affect the fragile child's psyche.

Why the proliferation of "smart" sex toys creates risks

Today, the industry of "smart" sex gadgets is rapidly developing: toys are becoming cheaper, which means they appear in many people's homes. Ivan Anufriev, an information security specialist and founder of Cybersystem, talks about this in an interview with Izvestia.

—Mass—produced products always arouse the interest of scammers: the average person rarely cares about privacy and data protection, and some devices can collect very sensitive information for the user," the expert notes.

Photo: IZVESTIA/Sergey Konkov

According to Ivan Anufriev, new models of sex toys are constantly appearing on the market, and many of them have weak protection against cyber threats. As a result, fraudsters can intercept data and remotely control gadgets, as well as gain access to photos, videos and other personal data of users.

Smart sex toys are, in fact, Internet devices with a high degree of vulnerability, adds Alexey Mironov, a leading specialist in the research and development department of Stakhanovets and an expert in the field of information security.

When developing such devices, the emphasis is on functionality and design, and security issues often remain secondary. As a result, their software, phone communication protocols (for example, via Bluetooth), and mobile applications may contain glaring errors that allow hackers to gain access to the device or data.

Photo: Getty Images/Cavan Images

— Users face two main types of threats, — says Alexey Mironov. — The first is a threat to privacy: through a hacked device or application, attackers can obtain extremely personal data, such as usage history, audio recordings, or even videos. The second, more dangerous, threat is the threat of physical control, when a criminal can remotely manipulate the operation of a gadget, which is fraught with psychological trauma and real physical harm.

Spiders and neural networks: how cyberbullying using pornographic deepfakes becomes a problem for teenagers

Schoolchildren are increasingly using artificial intelligence to bully their peers

What is the interest of cybercriminals in the data of "smart" sex toys?

Hacking of "smart" sex toys can be interesting to cybercriminals for many reasons, says Sergey Ivanov, founder of Amatus Group of Companies (manufacturer of intimate goods). And the leakage of intimate data or access to media files are far from the only ones.

"There is also a risk of leakage of the user's personal financial data, because the toy gets open access to a smartphone and a home Wi-Fi network, which means, quite possibly, to all sites and applications used by the owner," the Izvestia interlocutor notes.

Photo: IZVESTIA/Yulia Mayorova

According to Sergei Ivanov, intruders can steal money through "smart" sex toys and receive materials to blackmail users. There is another threat: infected devices are often combined into huge networks to work for the purposes and interests of the customer, whether mining, spam or viruses.

In addition, smart devices are often used as an element of botnets: after being hacked, they become part of a botnet and are used for DDoS attacks or other malicious actions - this is a common story for the IoT environment as a whole, agrees Vladimir Dashchenko, cybersecurity expert at Kaspersky Lab.

Photo: IZVESTIA/Yulia Mayorova

In addition, Internet of Things gadgets can become an entry point for more serious attacks, for example, to penetrate the internal network of a home or even corporate infrastructure if the gadget is connected to a shared network.

— In some cases, cyber attacks on "smart" sex gadgets can be targeted if a specific person becomes the target, — Alexey Mironov notes.

Blackmail of a public figure or an employee with access to valuable information is an opportunity to access the victim's work emails, correspondence, and documents, using personal vulnerability for corporate espionage or extortion.

How to protect yourself from the risks of smart sex toys

In order to protect themselves from cyber threats related to data leaks and hacking of "smart" sex toys, experts interviewed by Izvestia advise following a number of cybersecurity rules.

In particular, Vladimir Dashchenko notes that protection against such threats generally boils down to basic cyber hygiene. Users should enable two-factor authentication in their accounts whenever possible, as well as regularly update the software and firmware of their smart devices, even if they are talking about sex toys.

Photo: Getty Images/Jupiterimages

— It is important not to store excessive amounts of personal and private information in profiles, so that in case of compromise, the damage is minimal. And, of course, you should carefully consider the security settings in applications, as well as the general condition of your devices. Always keep your ears on top, as they say," the expert notes.

In turn, Sergey Ivanov recommends following the following rules that minimize risks for users:

• buy "smart" sex toys only from well-known brands and manufacturers;
• carefully check the safety settings of toys and applications, as well as change factory logins and passwords to personal ones;
• carefully check all permissions requested by the toy or its application: do not give access to photos and videos on your smartphone or computer;
• Connect the toy only via Bluetooth on your phone;
• Do not connect the gadget to public networks in public places, including hotels and beaches.;
• Do not leave the toy connected to the Internet when it is not in use.

— Compliance with these simple measures will protect you from leakage of important personal data, loss of money and blackmail by intruders, and your pleasure will not be marred by anything, — concludes the interlocutor of Izvestia.