Thoughts and tips on information security and privacy in an increasingly digital life


The Internet of (Spying) Things – adult edition

18 Mar, 2017, 16.57 Linus Nyman

 

Last week I wrote about Internet-enabled toys (for kids) that ended up having serious vulnerabilities (the toys, not the kids). Internet of Things, or IoT, toys have been in the news again recently, but this time the spotlight was on toys for adults.

Canadian company Standard Innovation produces (among other things) smart vibrators that can be controlled from an app on your (or your partner’s) phone. At the Def Con hacker conference last August (Def Con 24), two security researchers presented the results of their excursion into the safety and security of Standard Innovation’s We-Vibe 4 Plus vibrator.

In their presentation, Followr and Goldfisk note that while it may be easy to joke about the potential privacy risks of IoT sex toys, there are actually significant issues at stake. Among them is that there are countries in the world (and even some places in the US, they note) where owning a sex toy is illegal. So even a data leak that reveals nothing more than the fact that someone owns a sex toy could put the owner at risk.

Hacking for privacy: Goldfisk and Followr present their results (Pic: Def Con)

 

But back to their findings: they found potential vulnerabilities. (At this point in The Life and Times of the Internet of Things, it seems that what would really be newsworthy would be finding out someone managed to make an IoT gadget without vulnerabilities. But I digress…) The perhaps more alarming part of their discovery was that the vibrator was sending data about temperature and product use to a server in Canada.

Nothing to hide – but nothing I want to share, either

This case brings to mind that popular (but moronic) argument that if you haven’t done anything wrong then you shouldn’t have anything to hide. In most of the world it is completely legal to own and use a vibrator. But that doesn’t translate to users wanting to share data about its use.

Long story short: some consumers sued Standard Innovation over their data gathering, and last week they reached a settlement agreement in which Standard Innovation promised to pay USD 10,000 each to users of their app. (Though only for US residents, it seems.)

As F-Secure’s Mikko Hyppönen told me in an interview, IoT gadgets will gather data – and IoT gadgets are vulnerable. So what can we learn from all this? If nothing else, at least that whatever parts of your life you want to keep private, try to keep those parts away from the Internet of Things.
