"Thanks to its ergonomic design and its flat, smooth workmanship, it glides almost invisibly into every panty with a noble magnetic clamp, stays firmly in place and performs discreet work there." So reads a product description of the self-proclaimed "flattest lay-on vibrator in the world".

The "Panty Buster" from the Vibratissimo brand can be ordered from 27 euros; its target group includes people in long-distance relationships. "Vibratissimo offers a wide range of features with the unique app function", the description says. "Now the fun is not limited to just one place: with partners, friends or alone, controlling the toy is possible worldwide via smartphone!"

To some it may sound like the sex of the future. To others, it just sounds like 2018, a year in which companies connect pretty much everything to the Internet, from the front door to the tasty teller machine. It only becomes a problem when the IT security of their developments does not keep up with the modern age.

Vulnerabilities and features

"In networked devices for the 'Internet of Things', many manufacturers make extreme rookie mistakes," says Werner Schober, "even with sex toys - mistakes that were perhaps the norm 15 years ago." Schober, 24, advises other companies on IT security matters for SEC Consult. At the hacker congress 35C3 in Leipzig, he gives a lecture on insecure sex toys on Saturday evening. He spoke with SPIEGEL in advance.

Schober showed in February how poorly secured the toys are. At that time he announced that the "Panty Buster" vibrator and the associated app, which also works with other Vibratissimo devices, had several serious security problems. Among other things, Schober was able to access the database of all registered app users, which included pictures, information about sexual orientation and user passwords - unencrypted.

In his blog post Schober also pointed out that the "Panty Buster" could be taken over via Bluetooth at close range - in principle by anyone, regardless of whether the owner of the gadget wants it or not. Thanks to an overly simple release system, Schober was even able to control other people's vibrators anywhere in the world over the Internet.

The customer database is now better protected following a warning from Schober. Remote control of the vibrator by third parties, however, is still easily possible, even with newer devices, if they are used with the default settings. It is meant to be that way for swinger club parties, Schober learned from the manufacturer.

This reasoning does not really convince him, says Schober. He thinks too much consideration is being given to a rather small group of buyers. "The vast majority of users probably do not know that this feature is usually enabled."

Not an isolated case

Schober examined the "Panty Buster" for his master's thesis, which also covers two other sex toys, the Magic Motion Flamingo and the Realov Lydia. In each case he noticed data transfers to servers in China. "I would classify that as a privacy risk," says Schober; the purpose of the transfers is still unclear.

Werner Schober is not the first IT expert to hack sex toys and come to some devastating findings:

  • In 2017, for example, We-Vibe had to pay a fine in the millions because the app secretly recorded usage data for its vibrators.
  • In the same year, British security professionals showed how easy it is to hack into the built-in camera of a Svakom vibrator.
  • Those British IT experts also found a way to identify where a particular Lovense anal sex toy is being used.
  • And Lovense came under criticism once again in 2017, because one of the company's Android apps recorded audio of a sex act on the smartphone.

There are no concrete figures on how many people use sex toys with an Internet connection. Based on the download numbers of the corresponding apps, Werner Schober estimates that there are several million worldwide. "Some devices have their own social network," says Schober, "for example, video chats and the exchange of images are possible."

"I suspect that the competition is quite large," says Schober, "that it's all about offering more and more features." IT security is not deliberately ignored, he says, but other priorities are set. If manufacturers are made aware of defects, these are also addressed. "In principle, the companies have the possibilities to fix security errors."

Network projects are meant to help

Asked if the situation will be better in two or three years, Schober points to two websites from the hacker scene: "Internet of Dongs" and "Buttplug.io". Both projects want to help make smart sex toys safer. For example, Buttplug.io allows Lovense, Vibratissimo, and Magic Motion devices to operate via open-source software rather than the manufacturer programs.

So far, however, only a few buyers are likely to know about or make use of such options. "For most people, such a device probably sits in the bedroom, is used - and that's it," believes Werner Schober. "Some will not even know that they can connect their sex toy to a PC via USB and then perform a firmware update - although in practice this is quite easy."

Fundamentally, Schober considers "continuous" product testing, for example by consumer protection organizations, to be the best way to get sex toy manufacturers to make their devices safer: "A certification alone is not enough," he says. "This is a one-time thing that could give a false sense of security."

In addition, the 24-year-old points to technological progress, which could soon mean that interested people no longer have to trust particular companies at all. "In the future, there could be instructions on how to build a 3D sex toy yourself," says Schober. "All you have to do is equip it with a motor, and Raspberry Pi computers are getting smaller and smaller, something that could be integrated as well."