In times of pandemics and lockdowns, remotely controllable smart sex toys have soared in popularity. A wide variety of functions can be controlled remotely from a smartphone, which is meant to provide more variety and entertainment even when partners are some distance apart. But where there is light, there is also shadow. Security experts warn of the possibility of attacks by hackers. The so-called “man-in-the-middle attack” thus takes on a completely different meaning.
The man in the middle
Scientists have found that hackers can not only gain access to sensitive data, but can also gain access to end devices via Bluetooth and other insecure interfaces that vibrators use to connect to cell phones. It is therefore possible for an unauthorized third person to latch onto the data traffic and influence interpersonal traffic. In the IT industry, such attacks, in which a third person intervenes between two systems, are referred to as “man-in-the-middle (MITM)” attacks. Not only can personal or sensitive information be read from the applications, it is also possible to change settings remotely. From the point of view of the security experts, the attackers can not only find out who has or had sex with whom, when and where, but can also take targeted control of the smart sex toy.
The threat scenarios are bigger than you might think at first glance. On the smartphone end, spying on conversations and video calls or making unauthorized recordings via the phone's cameras is possible. On the device end, unexpected changes in speed or vibration can not only prevent some climaxes, but turn them into a painful experience.
In a new study, security experts Denise Giusto Bilic and Cecilia Pastorino from the security company ESET warn of the various possibilities of such attacks. From their point of view, modern sex toys offer too many interfaces and new functions, from video conferences to messaging, Internet access and Bluetooth compatibility, without taking sufficient account of the technical security of these connection options. The increasing number of options also drastically increases the security risks. Should a provider also have a security gap in its systems, hackers would be able to access sensitive data. This includes, depending on what the manufacturers store, name, location, e-mail addresses, sexual orientation and preferences, gender, lists of sexual partners as well as private photos and videos. If such data were made public, it could have further massive negative effects. The study also showed that physical injuries caused by a hostile takeover of the remote control cannot be ruled out, for example when the devices overheat due to overload.
The new “Privacy Not Included” report from Mozilla also shows that sex toys and dating apps collect private user data. Of the 24 dating apps examined, no fewer than 21 received the Mozilla label for the lack of protection of user privacy. “Despite the intimate nature of dating apps and the potential for data abuse, the public, not privacy, is the status quo,” the Mozilla press release said. “Many dating apps urge users to sign up for social media like Facebook, which gives them access to more personal information than users might think. Furthermore, data breaches and security breaches seem almost routine – Tinder, Bumble, OKCupid, Facebook Dating, and others have all had similar incidents recently.”
Does my date do drugs?
Match Group, the group behind dating apps like Tinder and OkCupid, is introducing a function for background checks on potential dates in the USA. Using a first name and telephone number, or a full name, users should be able to check whether their counterpart has a criminal record. Other dating apps from the group are also expected to receive this paid function.
To do this, the company works with the US non-profit organization Garbo. According to its website, its goal is “to prevent gender-based violence in the digital age”. The organization collects publicly available information and reports of violence and abuse, arrests, judgments or injunctions. “From online dating to carpooling, we have more contact with strangers than ever before,” says Garbo’s website. “We can’t know if someone has been violent in the past until it’s too late.”
Here, too, privacy advocates are already voicing massive concerns. It remains to be seen whether such functions will also be offered outside the US.