Penetration tester releases proof-of-concept code for hijacking smart buttplugs

Last week at Defcon, a security researcher named Smea presented their findings on vulnerabilities in the Lovesense Hush, an internet-of-things buttplug that has already been shown to have critical privacy vulnerabilities. Read the rest

The Internet of Dongs remains a security dumpster-fire -- UPDATED

The Internet of Dongs is Brad Haines's term for the world of internet-connected, "teledildonic" sex toys, and Haines, along with Sarah Jamie Lewis, have exhaustively documented all the ways in which internet-connected sex toys can screw you, from leaking private data to physically attacking your junk. Read the rest

Lovesense sex toys make accidental audio recordings of your sex sessions, which the company describes as a "minor bug"

Lovesense -- the company that made the Bluetooth-enabled vibrating buttplugs that could be detected and hacked remotely and settled a class-lawsuit over collecting vibrator users' personal information for $3.75M -- has told users of its Lovesense Remote vibrator app not to worry about the "minor bug" that causes it to record the audio of their sex sessions. Read the rest

Bluetooth sex toys are trivial to compromise just by walking around neighborhoods

Bluetooth Low Energy (BLE) is the go-to protocol for low-powered networking in personal devices, so "smart" sex-toy manufacturers have adopted it -- despite the protocol's many vulnerabilities. That means that hackers can now wander city streets, detecting and compromising sex toys from the sidewalk, in a practice that Pentest Partners' Alex Lomas has dubbed "Screwdriving" (analogous to "Wardriving"). Read the rest