Lovense app malware: Are smart adult toys safe?

Lovense is a Singapore-based company that produces remote controlled smart adult toys used by long-distance couples and those who simply want to spice up their sex life.

To get a Lovense toy working as intended, you need to connect it to one of Lovense’s applications via Bluetooth. Then, you can control it yourself or allow your partner to remotely control it.

Two smartphone apps can be used with Lovense toys — Lovense Remote by Wolkin and Lovense Connect by MINI PIE. The former is designed for regular users, while the latter includes various features for people working on camsites.

Lovense toys don’t spy on people if used disconnected from the app. They don’t have any built-in cameras, microphones, or location tracking equipment. Your Lovense dildo or butt plug can simply function as a regular adult toy. However, possible dangers arise when you connect your Lovense smart adult toy to one of the applications.

Both apps require permission to access the microphone and camera (for audio and video calls) and obtain the device location (for using Bluetooth). Also, they both collect the following information:

• Login information (username, email, and password).
• Device identifiers (device details, OS, Bluetooth connection status).
• Log file data (your app version, login record, app crash details, device usage patterns).

Lovense Connect also collects sensitive information, such as a friend list and user content that includes pictures, text, audio, and videos. However, the privacy policy notes that this information is only used to display content to you and your partner. The app also uses encryption by default, and video chats have end-to-end encryption.

It’s worth noting that in 2018, an anonymous user from California filed a lawsuit against Lovense regarding the information the company collected. The user was concerned about the collection of date, time, and vibration settings while using the Lush vibrator, all of which were linked to an identifiable email address.

A spokesperson of Lovense argued that the user agreed to the privacy policy before using the product. However, the court ruled that the information about the vibration intensity counted as “content” under the Wiretap Act.

Once connected to the internet or Bluetooth, everything becomes hackable, and Lovense devices are no exception. There were a few instances when their safety was compromised.

In 2017, a Reddit user discovered that the Lovense Remote app recorded a six minute audio file of a dildo session. An official Lovense representative replied that the file was only stored in the application’s local folder as a temporary cache file and wasn’t sent to the company’s servers. Also, it turned out that the so-called “minor bug” only affected Android users. Soon after the complaint, Lovense fixed the bug for their latest app version.

Earlier that year, Lovense was in another tight situation, this time involving their butt plug Hush. Security researcher Giovanni Mellini discovered that the device was prone to man-in-the-middle attacks via Bluetooth vulnerability (more precisely, certain security issues with the BLE protocol). In short, it was possible to pair it with a laptop without authentication and make the butt plug vibrate.

There are lots of other adult toy hacking examples that involve other teledildonics companies. From chastity belt ransomware to a spying dildo camera, it is possible to get hacked in many horrifying ways.

Even though there’s no single way to completely protect your Lovense adult toys from cyberattacks and malware, there are steps you can take to make the experience as safe as possible:

• Only download the Lovense app from Google Play or the Apple App Store. Doing otherwise might infect your smartphone with malicious software like spyware or rootkits.
• Set a security PIN for your adult toy. Setting a security PIN serves as an extra step to protect your Lovense toy from unauthorized Bluetooth access.
• Use a strong and unique password for your Lovense account. A long password that contains symbols, numbers, and capital letters helps to protect your account from unauthorized access. You can use a password generator to create one. You can also consider getting a password manager that would keep track of your credentials.
• Keep your adult toys turned off when they’re not in use. This will minimize the chance of someone detecting your device via Bluetooth.
• Protect your router from unauthorized access by changing the default settings. After getting a new router, it’s a good idea to change the default username and password. It’s possible for hackers to find lists of default passwords online, making it easier to access your router. Luckily, most routers nowadays come with unique randomized passwords, but you can never be too cautious.
• Review the app permissions and only allow the requests that are necessary for the app to function. For example, if you don’t need the video chat function when using your Lovense sex toys, you can disable the camera permission.
• Keep your Lovense app updated since new app versions fix system vulnerabilities. For example, when a Lovense user discovered the audio bug in 2017, the company fixed the problem in the following version of the application.
• Avoid using public Wi-Fi networks without a VPN. Unsecured public Wi-Fi puts your online traffic at risk, making it easier for hackers to access your private information. A VPN encrypts your internet traffic, helping you secure your connection anywhere you go.

Your Lovense smart devices don’t need to suddenly start acting up for you to suspect that your Lovense app got hacked or infected with malware. Here are a few signs showing that your phone might contain an infected application:

• Your smartphone becomes slow, lags a lot, or tends to overheat when not charging.
• Your phone’s battery life decreases significantly.
• Your smartphone starts randomly rebooting.
• You discover unfamiliar apps in the phone’s app list.

To summarize, you should be cautious when using Lovense or any other adult toy that has a remote control. The sensitive information related to smart adult toys can compromise your privacy.

If you decide that you want to try out Lovense toys anyway, follow all the security guidelines provided above and read the application’s user privacy policy.