Vibrators hacked

Today, it seems everything can be hacked. Even your vibrator. This is the tale of developers of very intimate goods who do not value the privacy of their clients.

Now that even coffee machines are Wi-Fi connected, getting to smart sex toys was only a matter of time. People actually started thinking along those lines quite a while ago: In 1975, American pioneer of information technology, philosopher, and sociologist Ted Nelson offered the world a curious new term: teledildonics. The word denotes a technology that helps couples feel very close together no matter how far apart they are in reality.

So, how do you make a tool as simple and efficient as a vibrator “new and improved”? Cool features from the gadget world, of course. Today, people can buy sex toys that synchronize with erotic e-books, toys with remote-control features, even ones equipped with a built-in selfie camera … and, well, a lot of other interesting devices.

There are also vibrators for couples: For example, the We-Vibe 4 Plus has been on the market for two years — although it became newsworthy quite recently. This is the tale of developers of very intimate goods who do not value the privacy of their customers.

What happened?

The company that produces the We-Vibe 4 Plus is called Standard Innovation. It claims the device is the number one couples’ vibrator in the world. In comparison to the base model, the We-Vibe 4, the Plus version supports remote control through a mobile app that can be installed on the phones of both partners. Users can create “playlists” — basically, sequences involving vibration intensity and frequency.

All well and good, so far. But the devil is in the details: The same app that keeps a diary of your sex life also shares that intimate data with the developer.

Two New Zealand hackers called @goldfisk and @rancidbacon researched the device and presented their findings at the DEF CON 2016 conference in Las Vegas. They had discovered vulnerabilities in the app. Among other things, criminals can hack it to activate the vibrator. That may not sound as dangerous as hacking a chemical plant or a nuclear power station, but it’s still fairly horrifying to contemplate.

“Unwanted activation of a vibrator is potentially sexual assault” — @RancidBacon, at DEF CON.

Just think: Two million people own We-Vibe 4 Plus devices, and every one of them is at risk.

The hack is still only a theory. But the developer gathering data about device temperature and difference in vibration — that’s really happening. As a result, the company’s employees can easily discern when and how often people use their vibrators, and even which modes they prefer — the widely advertised “echo,” the “cha-cha-cha,” or a personalized playlist.

Standard Innovation president Frank Ferrari told Fusion that the company collects data to improve their devices and understand how people use them. So: For two years, We-Vibe 4 Plus users unwittingly took part in a kind of erotic show for a narrow circle of people — Standard Innovation employees.

The We-Connect terms and conditions are rather vague and do not explain which data the app collects and for what purpose. At the same time, the company reserves the right to share this information with law enforcement if it is requested. This point is a very big deal: In some countries self-pleasure is illegal.

Tips and conclusions

The Internet-of-Things in general and teledildonics in particular is a very young industry. Developers of smart devices emphasize “cool new features,” often leaving users’ security fairly far down the list of priorities. That’s why we recommend caution when buying smart devices — and especially when it comes to sex toys. Does your vibrator really need to be connected to the Internet?

If not, buy a different kind. But if you’ve already joined the ranks of “lucky” We-Vibe 4 Plus owners, you don’t have to trash it just because the developer overindulges. Instead, you can turn on your phone’s airplane mode when you use the toy — though you’ll have to forgo the remote control.

Tips