Smart Sex Toy Fails Penetration Test

Yep, it’s yet another dildon’t

Security researchers have found multiple vulnerabilities in smart sex toys that create the potential for all sorts of mischief by hackers.

The Vibratissimo Panty Buster and its associated services from German company Amor Gummiwaren were riddled with flaws that create all manner of privacy risks, the researchers said.

A database containing all the customer data (explicit images, chat logs, sexual orientation, email addresses, passwords in clear text, etc) was openly accessible on the internet. Enumeration of users’ explicit images was possible because of predictable numbers and missing authorisation checks.

SEC Consult has confirmed with The Reg that the database is not accessible any more.

Worse yet, an attacker might be able to remotely turn on the device without the consent of its owner, security researchers discovered. Non-consensual “tickling” could be carried out either against a nearby Bluetooth-based device or over the internet.

Based on app download figures, tens of thousands of users are potentially affected.

The research was carried out by Werner Schober in cooperation with security consultancy SEC Consult and the University of Applied Sciences St. Pölten, Austria.

The Vibratissimo Panty Buster, its associated iOS/Android application and the server backend had multiple vulnerabilities, including:

  • Customer database credential disclosure
  • Exposed administrative interfaces on the internet
  • Cleartext storage of passwords
  • Unauthenticated Bluetooth LE connections
  • Insufficient authentication mechanism
  • Insecure direct object reference
  • Missing authentication in remote control
  • Reflected cross-site scripting
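
The image enumeration described above combines two of these flaws: predictable identifiers and a missing authorisation check on object access. The following sketch is an added example, not code from the vendor or from SEC Consult; the `ImageStore` class, its method names and the sample users are hypothetical. It puts the weak lookup beside a hardened one.

```python
import secrets


class ImageStore:
    """Hypothetical in-memory image store, used only to illustrate the flaw."""

    def __init__(self):
        self._images = {}
        self._counter = 0

    def add(self, owner, data, shared_with=(), random_id=True):
        if random_id:
            # Hardened: 128-bit identifier from the OS CSPRNG (defence in depth).
            image_id = secrets.token_urlsafe(16)
        else:
            # Weak: a counter, so neighbouring records are trivially guessable.
            self._counter += 1
            image_id = str(self._counter)
        self._images[image_id] = {
            "owner": owner,
            "data": data,
            "shared": set(shared_with),
        }
        return image_id

    def get_unchecked(self, image_id):
        """Weak: any caller who knows or guesses an ID receives the image."""
        record = self._images.get(image_id)
        return record["data"] if record else None

    def get_authorised(self, requester, image_id):
        """Hardened: the requester must be the owner or an explicit recipient.

        Missing and forbidden objects give the same answer, so the response
        cannot be used to probe which identifiers exist.
        """
        record = self._images.get(image_id)
        if record is None:
            return None
        if requester != record["owner"] and requester not in record["shared"]:
            return None
        return record["data"]


if __name__ == "__main__":
    store = ImageStore()
    # Constructed sample records.
    first = store.add("alice", b"img-a", random_id=False)
    second = store.add("bob", b"img-b", random_id=False)
    print("sequential ids:", first, second)
    print("unchecked lookup as anyone:", store.get_unchecked(second))
    print("authorised lookup as alice:", store.get_authorised("alice", second))
```

The authorisation check is the actual fix; random identifiers only make guessing harder and do not replace it.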

SEC Consult contacted CERT-Bund (part of the German Federal Office for Information Security) to help coordinate the disclosure process for the German vendor. Most of the most severe vulnerabilities have been addressed.

As a hotfix, the hardware manufacturer has already implemented a more secure pairing method in a new firmware version. According to claims by the researchers, however, the vendor had initially gone as far as to dispute whether hacker manipulation of other people’s devices was a problem before it made the fix. SEC Consult alleged the manufacturer had said it was even a “desired property of the sex toy”.

We’ve asked Amor Gummiwaren for comment.

This research was done as a part of a master’s thesis with the goal of reviewing multiple smart sex toys including several teledildonics devices. ®