{"id":40336,"date":"2017-10-01T05:00:58","date_gmt":"2017-10-01T09:00:58","guid":{"rendered":"http:\/\/quotulatiousness.ca\/blog\/?p=40336"},"modified":"2017-09-30T17:05:23","modified_gmt":"2017-09-30T21:05:23","slug":"when-network-security-intersects-teledildonics","status":"publish","type":"post","link":"https:\/\/quotulatiousness.ca\/blog\/2017\/10\/01\/when-network-security-intersects-teledildonics\/","title":{"rendered":"When network security intersects teledildonics"},"content":{"rendered":"<p>At <em>The Register<\/em>, <a href=\"https:\/\/www.theregister.co.uk\/2017\/09\/29\/ble_exploits_screwdriving\/\" rel=\"noopener\" target=\"_blank\">John Leyden<\/a> warns anyone using an internet-of-things sex toy that their device can be easily detected and exploited by (I kid you not) &#8220;screwdrivers&#8221; (below the fold, just in case you&#8217;re extra-concerned for potentially NSFW content):<\/p>\n<p><!--more--><\/p>\n<blockquote><p>Security researchers have figured out how to locate and exploit smart adult toys.<\/p>\n<p>Various shenanigans are possible because of the easy discoverability and exploitability of internet-connected butt plugs and the like running Bluetooth&#8217;s baby brother, Bluetooth Low Energy (BLE), a wireless personal area network technology. The tech has support for security but it&#8217;s rarely implemented in practice, as <em>El Reg<\/em> has noted before.<\/p>\n<p>The shortcoming allowed boffins at Pen Test Partners to hunt for Bluetooth adult toys, a practice it dubbed screwdriving, in research that builds on its earlier investigation into Wi-Fi camera dildo hacking earlier this year.<\/p>\n<p>BLE devices also advertise themselves for discovery. The Lovense Hush, an IoT-enabled butt plug, calls itself LVS-Z001. Other Hush devices use the same identifier.<\/p>\n<p>The Hush, like every other sex toy tested by PTP (the Kiiroo Fleshlight, Lelo, Lovense Nora and Max), all lacked adequate PIN or password protection. If the devices did have a PIN it was generic (0000 \/ 1234 etc). This omission is for understandable reasons. PTP explains: &#8220;The challenge is the lack of a UI to enter a classic Bluetooth pairing PIN. Where do you put a UI on a butt plug, after all?&#8221;<\/p>\n<p>The only protection is that BLE devices will generally only pair with one device at a time and their range is limited.<\/p>\n<p>By walking down a regular Berlin street with a Bluetooth sniffer, a PTP researcher was able to discover a number of Lovense sex toys, identifiable from their identifiers, through passive reconnaissance.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>At The Register, John Leyden warns anyone using an internet-of-things sex toy that their device can be easily detected and exploited by (I kid you not) &#8220;screwdrivers&#8221; (below the fold, just in case you&#8217;re extra-concerned for potentially NSFW content):<\/p>\n","protected":false},"author":1,"featured_media":35193,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[15],"tags":[129,1030,702,334,255],"class_list":["post-40336","post","type-post","status-publish","format-standard","hentry","category-technology","tag-hack","tag-internetofthings","tag-nsfw","tag-security","tag-sexuality"],"jetpack_featured_media_url":"https:\/\/quotulatiousness.ca\/blog\/wp-content\/uploads\/2016\/06\/favicon.png","jetpack_shortlink":"https:\/\/wp.me\/p2hpV6-auA","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/40336","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/comments?post=40336"}],"version-history":[{"count":1,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/40336\/revisions"}],"predecessor-version":[{"id":40337,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/40336\/revisions\/40337"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/media\/35193"}],"wp:attachment":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/media?parent=40336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/categories?post=40336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/tags?post=40336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}