The IoT ecosystem is full of strange devices, including smart sex toys. And like other IoT devices, smart sex toys are vulnerable, as a security researcher found.
During the DEF CON conference, held at the Paris Hotel & Casino in Las Vegas, a security researcher named ‘smea’ showed how he could compromise the Lovense Hush smart sex toy through a vulnerability.
The researcher found the dongle had no protection, allowing users to upload their own code. Using an existing BLE (Bluetooth Low Energy) vulnerability, the attacker could continue to compromise the dongle over Bluetooth since the device uses an old version of a chip from Nordic Semiconductor. The manufacturer of the chip says that all hardware built after July 2016 is no longer vulnerable.
Unfortunately, it’s impossible to tell how many of these chips remain in operation and how spread out and active they might be.
“The idea is that from the dongle you can actually compromise the app that’s running on a computer,” ‘smea’ told Gizmodo. “IoT developers have all these newer technologies, like JavaScript-based applications, working together with these super-low-level microcontrollers. They don’t necessarily understand the implications of, for example, dumping raw input from the dongle to HTML.”
The application itself is written with Electron and relies on Chromium, but for some strange reason, it doesn’t use a sandbox, which means attackers could use the flaw to do almost anything, including deploying ransomware.
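The two weaknesses described above, raw dongle input written into HTML and an Electron window without a sandbox, are shown below next to their hardened forms. This is an added example, not code from the talk or from the vendor's app; the function names and the dongle message format are assumptions made for illustration.

```javascript
// Constructed sample input: status lines as they might arrive from a dongle.
// The second line carries markup instead of plain status text.
const SAMPLE_LINES = [
  'battery:87;',
  '<img src=x onerror="console.log(1)">',
];

// Weak pattern: device input concatenated straight into HTML
// (the result would then be assigned to innerHTML in the renderer).
function renderStatusUnsafe(line) {
  return '<li class="status">' + line + '</li>';
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: treat the dongle as untrusted. Drop control characters,
// bound the length, then escape before the text goes anywhere near HTML.
// (In a renderer, assigning to textContent achieves the same effect.)
function renderStatusSafe(line) {
  const cleaned = String(line).replace(/[\u0000-\u001f\u007f]/g, '').slice(0, 128);
  return '<li class="status">' + escapeHtml(cleaned) + '</li>';
}

// Counts opening tags an HTML parser would see in the fragment.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Electron BrowserWindow webPreferences that limit what injected script can
// reach: renderer sandboxed, page isolated from preload, no Node.js APIs.
const hardenedWebPreferences = {
  sandbox: true,
  contextIsolation: true,
  nodeIntegration: false,
};

for (const line of SAMPLE_LINES) {
  console.log('unsafe tags:', countTags(renderStatusUnsafe(line)),
              'safe tags:', countTags(renderStatusSafe(line)));
}
```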
The researcher also raised a problem that goes way beyond the vulnerability of a smart device. If someone were to activate the toy remotely, without the user’s consent, would it be enough to consider it a sexual assault?