I know that headline seems way out of left field but bear with us, we will explain it all in good time.
Let’s start with Alex Lomas, though, to get the ball rolling. Armed with a Bluetooth discovery app while walking the streets of Berlin, Alex was on a screwdriving mission.
In other words, he was on the hunt for smart adult toys.
You see, adult toys that are able to connect to other devices “lend themselves to being great testbeds for IoT research”: they’re BLE, relatively cheap, accessible and have companion apps for the full spectrum of testing.
Smart sex toys, the ones that allow intimate but “discreet public play”, use Bluetooth’s baby brother, Bluetooth Low Energy (BLE), to connect.
During his walk, Lamos found a number of these devices (it’s Berlin, go figure), the most common being the Hush butt plug, and took a screenshot of one of his genuine discoveries – ready and waiting for anyone to connect to it:
That’s all the proof one should need that BLE isn’t a exactly stellar connection when it comes to security, as Lamos explains in an article on Pen Test Partners:
What you save in battery life and complexity comes at the price of easy discoverability and exploitability. Whilst BLE does have support for security, it is rarely implemented. When it is implemented it’s often done poorly.
For research purposes, Lomas then bought the smart butt plug he had come across quite often:
Testing the device, he explained just how easy it is to take control of them. Without a pin or password, access was immediate – and it wasn’t just the Hush butt plug. Every BLT smart adult toy he tested connected just the same.
Awkward.
But there is a way to protect yourself – kind of:
The only protection you have is that BLE devices will generally only pair with one device at a time, but range is limited and if the user walks out of range of their smartphone or the phone battery dies, the adult toy will become available for others to connect to without any authentication.
Because, well, having an adult toy unexpectedly start vibrating could cause a great deal of embarrassment.
Other devices that use BLE to connect are, you guessed it, hearing aids – and hacking these can be more sinister than causing a simple, albeit unscheduled vibration.
Connecting to his dad’s hearing aids, this is what Lomas found:
He managed to find them broadcasting their connection whilst his family was having lunch one day:
They have BLE in them to allow you to play back music, but also control and adjust their settings (like if you’re in a noisy restaurant or a concert hall).
These things cost £3500 and need to be programmed by an audiologist so not only could an attacker damage or deprive someone of their hearing, but it’s going to cost them to get it fixed.
And that’s super scary.
If that potentially affects you or a loved one, Lamos listed a few means of fixing this problem which you can read here.
At the end of the day, BLE openly advertises its presence which means these devices can be located fairly accurately.
How comfortable do you feel knowing that if you wore such devices in public, that you might be discovered? Not a concern to some, but very concerning to many.
So unless you have the ability to reverse engineer a butt plug’s software, read here about how you can get the ass-isstance of NEWORDER.
They are the proud African strategic partner of the International threat detection experts PWNIE EXPRESS who created Pulse, an application that enables security teams to easily detect and respond to misconfigured, unauthorised and malicious wired and wireless devices.
They will also be able to advise you on what to do to secure your own BLE device, no matter what it is.
Before you go, here’s the inside of a butt plug:
Trés intéressant.
[source:pentestpartners]
Hey Guys - thought I’d just give a quick reach-around and say a big thank you to our rea...
[imagesource:CapeRacing] For a unique breakfast experience combining the thrill of hors...
[imagesource:howler] If you're still stumped about what to do to ring in the new year -...
[imagesource:maxandeli/facebook] It's not just in corporate that staff parties get a li...
[imagesource:here] Imagine being born with the weight of your parents’ version of per...