Security researcher Sarah Jamie Lewis wanted to demonstrate that the horrific stories of insecure networked sex-toys (and other Internet of Things devices) were the result of manufacturers' negligence, not the intrinsic limitations of information security.
So she bought a We-Vibe Nova sex toy and hacked it so that it could take commands over the cryptographically secured Tor anonymity/privacy network, using the Ricochet chat protocol to create an extra layer of security. The demo shows that the security problems with the IoT have more to do with the manufacturers' desire to spy on their customers than the difficulty of getting security right.
The online things that are possible to log are the commands being sent, and the onion address of the person sending them
— Sarah Jamie Lewis (@SarahJamieLewis) August 6, 2017
Lewis's approach uses Ricochet, a messaging program which creates a Tor hidden service for each user. Ricochet doesn't just protect the content of users' communications, but also obfuscates their metadata, making it harder for anyone snooping on the connection to see who is talking to whom. Lewis reverse-engineered her dildo, a Nova from Canadian company We-Vibe, so she could communicate with it over Bluetooth. When combined, these elements allow anyone who knows the dildo's Ricochet address to send commands, such as "/max," to make the device vibrate. Lewis has uploaded the code to GitHub so others can try the experiment.
Motherboard started a 'chat' session with Lewis' vibe, and sent a series of simple commands. Lewis then sent a video of the dildo vibrating.
We Anonymously Controlled a Dildo Through the Tor Network [Joseph Cox/Motherboard]