At The Register, John Leyden warns anyone using an internet-of-things sex toy that their device can be easily detected and exploited by (I kid you not) “screwdrivers” (below the fold, just in case you’re extra-concerned for potentially NSFW content):
Security researchers have figured out how to locate and exploit smart adult toys.
Various shenanigans are possible because of the easy discoverability and exploitability of internet-connected butt plugs and the like running Bluetooth’s baby brother, Bluetooth Low Energy (BLE), a wireless personal area network technology. The tech has support for security but it’s rarely implemented in practice, as El Reg has noted before.
The shortcoming allowed boffins at Pen Test Partners to hunt for Bluetooth adult toys, a practice it dubbed screwdriving, in research that builds on its earlier investigation into Wi-Fi camera dildo hacking earlier this year.
BLE devices also advertise themselves for discovery. The Lovense Hush, an IoT-enabled butt plug, calls itself LVS-Z001. Other Hush devices use the same identifier.
The Hush, like every other sex toy tested by PTP (the Kiiroo Fleshlight, Lelo, Lovense Nora and Max), all lacked adequate PIN or password protection. If the devices did have a PIN it was generic (0000 / 1234 etc). This omission is for understandable reasons. PTP explains: “The challenge is the lack of a UI to enter a classic Bluetooth pairing PIN. Where do you put a UI on a butt plug, after all?”
The only protection is that BLE devices will generally only pair with one device at a time and their range is limited.
By walking down a regular Berlin street with a Bluetooth sniffer, a PTP researcher was able to discover a number of Lovense sex toys, identifiable from their identifiers, through passive reconnaissance.
