A researcher have found a security flaw in a Bluetooth controlled sex toy that would allow someone to hack a butt plug.
Well, this is a pain in the butt. I apologize.
Italian security researcher Giovanni Mellini published the news of his finding on a blog post.
Want to stay up to date with security news? Please subscribe to our LinkedIN group , Like our Facebook page, or join our FREE Newsletter.
The device in question is Hush by Lovense, which, as the company puts it, “the world’s first teledildonic butt plug” that you can “control from anywhere!”
Unfortunately for Lovense, the butt plug has also joined a host of other teledildonic products that are remarkable for being insecure. In other words, even though you can control your butt plug “from anywhere,” it would appear that anyone within Bluetooth range can control it, too.
Giovanni wrote in his post: “Few weeks ago I bought a Bluetooth Low Energy (BLE) butt plug to test the (in)security of BLE protocol.
This caught my attention after researchers told us that a lot of sex toys use this protocol to allow remote control that is insecure by design.
The great Simone evilsocket Margaritelli wrote a BLE scanner called BLEAH (get it on github) and a wonderful post on how to use it to hack BLE devices”
“It is very easy to hack BLE protocol due to poor design choices,” Mellini wrote. “Welcome to 2017.”
Security news about how to hack a butt plug didn’t spark a burst of google searches, yet. However, the use of such low security protocols in order to beat your competitor and score a better “time to market” is concerning.
As alarming as these security news are, we still believe that the WPA2 hack is the most concerning vulnerability of the month.