Tech firm warns that hackers can now hack web-connected sex toys easily
If hacking computers and mobile phones was not enough, hackers are now threatening to hack your intimate moments too. As more and more devices become connected to the internet, security researchers have warned that quick-witted hackers can easily take control of sex toys connected to the internet.
To demonstrate that everything that’s connected to the Internet is susceptible to attacks, security firm Trend Micro’s spokesman Udo Schneider hacked into a large, neon-pink web-connected vibrator at the CeBIT technology fair in Germany this week. The sex toy was brought to life by typing out a few lines of code on his laptop.
While the stunt triggered sheepish giggles, the message was sobering. As the number of smart, interactive devices connected to the internet blows up, concern is rising about insufficient protections and a lack of consumer and employee awareness.
“If I hack a vibrator it’s just fun,” Raimund Genes, Chief Technology Officer at Tokyo-listed Trend Micro, told reporters at the CeBIT technology fair in Hanover.
“But if I can get to the back-end, I can blackmail the manufacturer,” he added, referring to the programming system behind a device’s interface.
According to the government’s latest IT Security Report, Germany, who is hosting CeBIT and is home to world champion manufacturers, offers rich pickings for hackers, with attacks on industrial production sites increasing. Germany in the recent past has also witnessed various German businesses, hospitals and even the government being targeted by hackers.
In 2014, a German steel mill suffered “massive damage,” after cyber attackers got into the computer network. In recent weeks, numerous German hospitals have come under attack from Ransomware, a virus that encrypts data on infected machines and demands that users pay to get an electronic key to unlock it.
The German government got its own wake-up call last year, when the lower house of parliament in Germany was attacked by hackers, who compelled it to shut down the system for a few days and compromising large amounts of data.
Dirk Arendt, director of public affairs at Israeli cyber security firm Check Point Software Technologies, said, “If someone decided to start shooting with a pistol from the roof of the Reichstag (parliament), security guards would be all over them. But when data are siphoned off for months, no one bats an eyelid. There is a lack of awareness.”
In July last year, Germany approved an IT security law to respond to the increasing growing threat. This law orders 2,000 providers of critical infrastructure to implement minimum security standards and report serious breaches or face penalties.
According to IT lobby group Bitkom, 51% of companies in Germany have been victims of digital espionage, data theft or sabotage in the past two years. Two-thirds of the country’s SMEs have registered attacks and 84 per cent of managers expect the situation will get even worse with the growing connectivity.
On the other hand, there are several sex toy manufacturers who have launched products that can connect to smartphones and computers via WiFi and Bluetooth, allowing users to control them and download software updates.
According to experts, companies very often treat security as an afterthought when producing Internet-enabled devices.
“The problem here is that many Internet of Things devices [smart devices connected to the Internet] are horribly broken security-wise because it costs money to ensure a reasonable standard of protection on a product,” Chris Boyd, an analyst at the security firm Malwarebytes, told Newsweek in a recent interview.
Some modern sex toys even include webcams that can be used to communicate with partners remotely. This opens up the possibility of hackers intercepting devices and secretly spy on the user. However, manufacturers have been quick to stand behind the security of their products.
“There are three layers of security,” Sex toy maker Lovense said in a statement. “The server side, the way we transfer information from the user’s phone to our server and on the client side.
“We take our customer’s private data very seriously, which is why we don’t serve any on our servers.”
While Germans are watchful about data protection because of their experience of state surveillance by the Stasi secret police in East Germany and the Gestapo under the Nazis, Arendt said more attention is required to be paid to data security.
He added that employees need to be made aware of the dangers of opening suspicious-looking PDFs in the same way that motorists are warned by giant roadside signs not to speed.
“We only wake up when the damage is done,” he said. “There are enough examples of successful hacking cases. Now the next steps need to be taken to get back into a secure area.”