Article Image

IPFS News Link • Science, Medicine and Technology

The Next Security Risk May Be Your Vibrator

• https://www.wired.com

Until hackers discovered the internet of things, a maker of kitchen appliances didn't have to worry about the security of its toasters. Now, though, the proliferation of networked devices—from televisions to refrigerators to, someday, self-driving cars—has spawned a new form of cyber attack. This is not only because the points of vulnerability multiply as a network expands, but also because many of the consumer-product manufacturers who now produce networked devices have no experience with digital security. And few internet-of-things product categories better demonstrate the urgent need to improve security standards than connected sex toys.

Arthur Rizer (@arthurrizer) is national security and justice policy director with the R Street Institute, a think tank focused on free markets. Amie Stepanovich (@astepanovich) is the US policy manager and global policy counsel at the human rights organization Access Now.

In late 2016, a pair of hackers at DefCon, an annual US hacking conference, revealed that one company's connected vibrator, the We-Vibe, not only tracked sensitive data related to customers' usage, but also that third parties could access that information. Even more troublingly, hackers were able to take control of the devices remotely.

At RightsCon Brussels 2017, a security researcher showed how another connected vibrator, this one with a built-in camera, could be hacked to allow unauthorized access to the video feed. These breaches highlight just a few of the wide array of connected products with potential vulnerabilities.

Talk of sex toys may elicit snickers. In fact, one company famous for distributing so-called stalkerware—software that enables surveillance—went so far to focus on sex toys for an elaborate April Fools' joke, advertising the sale of malware that allegedly could allow strangers to hack into and control a wide range of devices. The people at FlexiSpy seemed to find it funny that a product could "take remote charge of a sex toy's power button, speed, and preference settings—even when in use."But it's no laughing matter, and these examples raise serious questions: Where does liability reside in a completely connected world, and what are the policy and legal ramifications of such widespread vulnerability?

 

Remember the We-Vibe that was hacked at DefCon? Standard Innovation, the Canadian company that manufactured the device, eventually doled out settlements to its US customers as a result of a class-action lawsuit filed after the 2016 hacking demonstration. The litigation relied on the DefCon demonstration to prove that the company was collecting information like the temperatures of the devices, as well the intensity of vibration and frequency of use, without users' consent.


www.universityofreason.com/a/29887/KWADzukm