Two of the best-selling smart sex toys in the Netherlands were unsafe. They could be taken over remotely by malicious parties, security company ESET reported Thursday.
These are the WeVibe Jive and Lovense Max, which can be controlled remotely via the internet. The researchers took a closer look at the accompanying Android apps (WeConnect and Lovense Remote) that control the toys.
During their research, they found several vulnerabilities. For example, it was possible to take over the Bluetooth connection of the WeVibe Jive with a Bluetooth scanner, at a distance of up to 8 meters.
Moreover, no permission or verification was required to establish a connection. “Malicious people could see who is wearing the device and then take over and control it, with serious consequences,” write the researchers.
The Lovense Max faced a similar problem. It consists of two separate sex toys that are connected to each other via the internet. An attacker could take control of both devices by breaking the security of one of the two toys.
Images could be forwarded to third parties
In addition, according to the researchers, “questionable privacy choices” were made. For example, e-mail addresses were stored unencrypted, the app handled location data carelessly, and it was possible to forward images to third parties.
ESET has disclosed the vulnerabilities to the sex toy manufacturers. They have since been remedied, the report said.