Hacking the sex toy, no bull...

Everything that could be connected to a computer could be potentially exploited to hack it, we know about the cases that demonstrated possibility of compromising a PC by using a mobile phone charger or an e-cigarette. The exposure to cyber threats dramatically increase when these devices exchange data over the internet, lack of proper security are most common issue that could expose our data. 

And here it comes … Internet connected sex toys. Forbes has published a peculiar post on results of a penetration test conducted on sex toys that connect to the internet. 

Ken Munro, the expert at Pen Test Partners has tested the Nora and Max toys designed by Lovense. The sex toys not only allow users to use functionality via an app, but also allow owners to contact another user only to give him the commands of the toy from afar. “Someone in rural Berkshire, for instance, could titillate a lover in Timbuktu just by pushing some buttons on their smart phone, or from PC. It’s all done over something called “teledildonic software” - says Forbes. 

It's not ends here, there is also a “Body Chat” service that connects the sex toys, a kind of Skype for virtual sex. Here’s where the security problems begins, Munro told Forbes. Munro explained that there are several significant security issues in the environment of the sex pleasure, for example the registration process is not protected by encryption, allowing anyone to snoop user’s data, the passwords are stored in easy to break weak encryption. “It will clearly be trivial to compromise a user’s account and access some quite juicy content, particularly so if the victim is a ‘friend’ in a shared household using the same wireless access point,” said Munro. Another potential flaw is related to the management of videos in the removable storage of the device. “It doesn't take much to realize that in the event of a lost, stolen or sold phone, that’s potentially naked selfie masturbation videos,” added Munro. “Encryption of the phone and removable storage would mitigate this, but few Android users prior to Lollipop do, and that also assumes that there aren't other ways to root the phone. Some Android handsets can’t handle encryption of external storage either.”

Now consider the potential application to a sex robot intended for adult use. The robot could be used as some kind of spy that could be potentially controlled by another person without the user’s knowledge or permission. An attacker could control both what the robot says and does. Everything that could be connected to mobile devices or directly exposed on the Internet, like the sex toys, could enlarge the surface of attack exposing a data and habits to bad actors.