How does Hacking really affect O-Town?
Our sex lives and fantasies are among some of the most private parts (pun intended) about us. We do not openly share our thoughts among people we first meet at a dinner party, or maybe some of us do... but mostly these secrets are shared among only close friends and/or partners.
But what happens when your deepest, darkest thoughts get brought to light against our will? Even worse, what if this information lands in the hands of malicious hackers?
That is exactly what is happening with some of the world's newest and rapidly growing ways to pleasure ourselves; teledildonics, sex toys and apps and the vulnerabilities that come with them.
One of the most intriguing and perhaps head scratching attacks that happened was to Qiui’s Cellmate. This is a chastity belt your partner can lock and unlock remotely through a special mobile application. With a tap of literally a finger, someone can lock up your genitals in a metal ring.
If exploited, these flaws would allow hackers to remotely lock you in the belt, which does not have a manual safe word (unlock function).
Unfortunately for one victim, Sam Summers, fell target to a hacker who locked his erection preventing belt (yes you read that right) for $ 1, 000 bitcoin, increasing the Ransome amount every time Mr. Summers paid it. He noticed the hack when he received the most unsettling message, and it wasn’t a freaky game he was playing with his partner...The message read, “Your cock is mine now.”
Boner killer for sure.
Luckily, he was able to be freed (uncastrated) by physically having the Wi-fi connected toy cut off (poor choice of words?), but this security flaw garnered the attention of researchers around the world.
The flaw also allowed hackers to take control over the device by exploiting its Bluetooth connection. It failed to fully anonymize users, allowing hostile third parties to contact some of them directly, and exposed the device’s locking mechanism to outside control. Even more so, this toy was connected through social networking where users can communicate, which adds to the vulnerability. The flaw was fixed via update but not after the risk to 50, 000 genitals.
Obviously, anything connected to WWW, and Bluetooth is hackable. Bluetooth raises more alarms as a butt-plug made by Hush was compromised through its Bluetooth connection being intercepted. Meaning, anyone within Bluetooth range to get the signal to the device would be able to control it.
A few years ago, researchers discovered vulnerabilities in “Panty Buster” sex toys sold under the Vibratissimo brand. Hackers could use a back door (been waiting to use this) to access user data, including images, chat logs, sexual orientation, passwords, and more. The flaw also allowed hackers to take control over the device by exploiting its Bluetooth connection.
Another incident included a camera in 201 7, researchers from Pen Test Partners discovered a vulnerability in Svakom Siime Eye, a dildo that has an integrated camera and allows users to stream videos to anyone. The problem is that anyone within the device’s Wi-Fi range could access the videos and the dildo’s unprotected webserver if they could guess the device password. The default password was “88888888”, so not incredibly HARD to hack. Maybe 696969 would have been better?
Attackers are finding even more sneaky ways to steal our information through toy charging systems. It turns out that this happened to an unfortunate victim who bought the toy called “Spencer’s Sexology Pussy Power 8-Function Rechargeable Bullet Vibrator.” Say that 5 times fast!
Once the user plugged the USB into their computer to charge it, the malware that had been programmed onto the toy had automatically downloaded a malicious file.
Instantly, the user recognized this and stopped the download. The Malware tried to infect the computer with an information stealer known as Lumma, previously known as LummaC2. This virus is a subscription-based information stealer that has been seen in its natural habitat since 2022.
Smart sex toys have become part of the network of internet of things (IoT) devices and can be hacked the same way that any other IoT device can. This allows opportunities for security violations of all kinds. A few years ago, a Texas couple woke up to an unknown voice coming from their Wi-Fi-enabled baby monitor, threatening to kidnap their child. Imagine if your dildo said that?
As we are aware, hospitals, government agencies, and even nuclear power plants have all become regular targets for ransomware. (Apparently, not even your butt-plug is safe.)
Perhaps an erection stopping belt is not always perceived as important as a nuclear power plant hack or your child being kidnapped however, it’s still YOUR data and it is still at risk.
During Covid the sales of sex toys pulsed to the top. For example, there was reported a 200 percent year-over-year online sales increase in April 2020.
However, teledildonics come with risks to variety of breaches, from the nonconsensual gathering, release, or use of personal data to the easy discoverability of Wi-Fi or Bluetooth signals by other networked devices nearby.
Partly due to the fact that niche producers of smart sex toys often have less ability to engineer strong user protections than massive (ba dum) tech companies like Apple, who regularly pushes security selling features as a reason to buy. In 2017, Canadian sex-toy brand We-Vibe paid a $4 million settlement after its eavesdropping vibrator collected intimate data on users’ body temperatures and preferred vibration intensities without their consent.
Devices that record data also risk exposing private endeavors for example the Lovense Remote, the app controlling Lovense’s smart vibrators, was capturing surreptitious audio of their sessions due to a bug.
While the data generated by teledildonic devices can be exploited by third parties, there is still an onus on companies to ensure that their intended data uses are clearly laid out for users to agree to (or not). Interestingly, some legal thought suggests digital consent line up with sexual consent. This should push willing buyers to read the fine print of their purchase instead of skipping right to click AGREE.
Interestingly enough, the Russians have their own dildo catastrophe but aren’t they always somewhat involved? This time however, the attack is facing Russia and the use of sex toys to cease the Russian military.
Ukrainian activists claimed they hacked the online shopping account of a Russian military volunteer who has been buying drones for Moscow’s forces — and instead crowdfunded a mouthwatering, 25 k worth on dildos. The 25 k worth he would have spent on drones...
A group Kiber Sprotyv (Cyber Resistance) have made claims that they targeted the AliExpress account of Mikhail Luchin — a friend of pro-Russian military blogger Vladlen Tatarsky (aka Maxim Fomin), who was killed in a St. Petersburg café explosion.
Luchin was collecting money to buy drones for Russian troops to use in Ukraine.
“He is a war criminal, volunteer, blogger and now dildo owner,” the hackers said in a statement.
In the fight against an overwhelming amount of plastic penises, Luchin has decided to use this unexpected purchase as a new way to shovel in money and drones and open his own sex shop. Imagine if they were using flying dildos to spy on the military?
Do pigs fly yet?
As scary as it all sounds there are some ways to protect yourself...
Here is a list of some measures to take to make sure your intimate doings are kept that way:
Uncover how we can help put your resilience to the test.
