Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences

  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.
Sign in / up

Security

This article is more than 1 year old

Your 'intimate personal massager' – cough – is spying on you

Bluetooth hack lets Australian researchers reveal your deepest desires

icon Iain Thomson in San Francisco
Sun 7 Aug 2016 // 21:56 UTC

DEF CON has a lot of odd talks, but the successful hacking of a vibrator by two researchers from New Zealand drew a big crowd.

The two-person team of g0ldfisk and follower got hold of the schematics for the We Vibe 4 Plus, a U-shaped vibrator that can be controlled via Bluetooth using a remote control or a smartphone app. The wireless functions mean the device's makers had to report its details with the United States the Federal Communications Commission, and that filing allowed the hackers to figure out a way to crack the device.

The We uses a Texas Instruments CC2541 processor with a dated 2.4GHz BlueTooth chip. Because there was no certificate pinning on the device it turns out it was fairly easy to hack, and find out what information it collects and transmits to the mobile app.

“We have had problems picking up the signal,” said Follower. “It turns out the human body is a surprisingly efficient faraday cage.”

The team managed to decipher the Bluetooth command strings and manipulate the We using a desktop computer. They reported the job was relatively simple - the Bluetooth data string is only eight bytes long and the first byte controls the device’s mode.

The two also found that the makers of the We collect exactly when the device is used, which of the ten vibration modes they are using, and even the temperature of the device. All this data is stored on corporate servers and in the terms and conditions of the device the manufacturer reserves the right to pass it on to the authorities.

If that provision sounds odd, know that this type of device is illegal in many places - including the Yellowhammer State of Alabama, some parts of Georgia, and until recently Texas. Using such devices is a criminal matter and there have been prosecutions.

The duo noted that this isn’t something hackers should try on other people’s devices, since technically it may be possible to charge someone with initiating unwanted sexual contact if they do. But they do want manufacturers to tighten up their security practices and will be setting up a campaign to make sex toys safer for all. ®

More about

×

More about

Broader topics

More about

COMMENTS

More about

×

More about

Broader topics

TIP US OFF

Send us news

Other stories you might like