Smart Sex Toy Sales Surge Poses Security Risk

A cybersecurity company has urged the rising number of smart sex toy owners to think about protection.

Sales of internet-connected sex toys, also known as teledildonics, have increased since lockdown measures were introduced to slow the spread of COVID-19. 

In March alone, sex toy revenue in France, Italy, and Spain, where lockdown measures were particularly stringent, exceeded projected figures by 94%, 124%, and 300%, respectively.

In "Cybersecurity Trends 2021: Staying secure in uncertain times," ESET researchers Denise Giusto and Cecilia Pastorino describe how this particular tech is a potential hotbed of privacy and security concerns that may result in users’ most private information being exposed.

"With new models of smart toys for adults entering the market all the time, we might imagine that progress is being made in strengthening the mechanisms to ensure good practices in the processing of user information," wrote the researchers. 

"However, many researchers have shown that we are a long way from being able to use smart sex toys without exposing ourselves to the risk of a cyber-attack."

The duo said that the extremely sensitive information processed by smart sex toys could be exploited by cyber-criminals hoping to make money through sextortion or by authorities in countries whose citizens are banned from engaging in certain sexual practices. 

Smart sex toy data that could fall into the hands of an oppressive government regime or digital blackmailer include names, sexual preferences and orientations, the names of sexual partners, information about device usage, and sexually explicit images and videos.

Most of the smart sex toy devices currently on the market are controlled via Bluetooth Low Energy (BLE) from an app installed on a smartphone.

"As well as concerns about data confidentiality, we must consider the possibility that vulnerabilities in the app could allow malware to be installed on the phone, or firmware to be changed in the toys," noted the researchers.

"These situations could lead to DoS (Denial of Service) attacks that block any commands from being delivered."

Researchers urged users to practice data-safe sex by avoiding risks where possible; for example, being careful not to use an official name or email address that could identify them when registering for sex apps.
