Sex toys let cybercriminals hack more than just your secrets

But imagine a complete stranger taking over your pleasure toy and using it to access your most intimate secrets. Or, even worse, literally trapping intimate parts of your body, leaving you no possibility to break free. Sounds like a horror movie? Unfortunately, it would be one based on a true story.

What happened?

Qiui’s Cellmate is a chastity belt your partner can lock and unlock remotely through a special mobile application. With a tap of a button, someone can lock up your genitals in a metal ring. Maybe that might be fun if it’s someone you can trust – but can you be sure they’re in control?

The security flaws in QIUI’s Cellmate chastity sex toy have caught the attention of researchers everywhere. If exploited, these flaws would allow hackers to remotely lock you in the belt, which doesn’t have a manual unlock function. Luckily, our first known victim, Sam Summers, had some bolt cutters on hand and nerves of pure steel. That’s right — after receiving what he called “weird messages” in the app that connects to the chastity toy, Mr Summers’ had his private parts held ransom by hackers. The criminals demanded a ransom of $1,000 Bitcoin to set him free, and demanded more and more each time Sam paid. In the end, Sam’s only choice was to awkwardly position himself and hack away at the chastity device with bolt cutters, blow after excruciating blow, while simply hoping for the best.

Although Mr Summers did manage to narrowly escape castration, the danger of Wi-Fi connected sex toys is rife. Just take a look at some of these most recent hacks that could leave you in a bloody mess of tech trauma.

Previous sex toy hacks

Hackers exploiting sex toys is not a new concept. Here are some of the most famous recent hacks:

• “Panty Buster” hack. A few years ago, researchers discovered vulnerabilities in “Panty Buster” sex toys sold under the Vibratissimo brand. Hackers could use a back door to access user data, including images, chat logs, sexual orientation, passwords, and more. The flaw also allowed hackers to take control over the device by exploiting its Bluetooth connection. What’s more, the device had a dedicated social network, where users could communicate with each other and stream their videos. This added an additional layer of vulnerability. Fortunately, the issues were solved with updates, but before this was done, at least 50,000 users had details of their intimate lives leaked.
• Bluetooth-enabled butt plug hack. Hush, the world’s first remotely controlled teledildonic butt plug developed by Lovense, was found to have a flaw that allowed hackers to intercept its Bluetooth connection. Anyone within the range of the Bluetooth signal could easily control the device, all thanks to its Bluetooth Low Energy function. While the function saves energy, it is also very insecure and susceptible to man-in-the-middle attacks.
• Dildo camera hack. In 2017, researchers from Pen Test Partners discovered a vulnerability in Svakom Siime Eye, a dildo that has an integrated camera and allows users to stream videos to anyone. The problem is that anyone within the device’s Wi-Fi range could access the videos and the dildo’s unprotected webserver if they could guess the device password. The default password was “88888888”, so it is not very difficult to crack. Having accessed the web server, snoopers could also take full control of the device’s firmware.

Sex toys have become part of the network of internet of things (IoT) devices and can be hacked the same way that any other IoT device can. Moreover, they can not only expose the most intimate details of your life to a stranger with unclear intentions, but also become a gateway to other devices or even your whole network. Most modern sex toys have sophisticated technological features, such as Wi-Fi connection, webcams, and even AI-powered biofeedback, and should be treated seriously in terms of cyber threats.

Preventive measures

Here are a few measures you can take to avoid such exploits:

• Constantly change your passwords and use strong ones, making sure they include a combination of letters, numbers, and special characters. Also, create a different password for each of your devices. Our NordPass tool can help you create complex passwords and will memorize them for you.
• Always update your devices. Manufacturers are usually quick to patch vulnerabilities with the latest updates. When you forget to update your software, you leave yourself vulnerable to threats.
• Create a separate local area network for your IoT devices. By doing this, you will isolate them from your primary network, keeping them safe in case someone were to intrude on it.
• Secure your router with a VPN. The VPN will protect traffic on all the devices within your network, preventing cyber-snoopers from intercepting it.
• Secure your Bluetooth connection.

Use protection online. NordVPN is a trusted tool that will always help keep you safe and private, and you can try it risk-free for 30 days!