Has Your We-Vibe been Phoning Home and Telling Stories?

[treveller]

Americans who bought the BlueTooth connected We-Vibe are being compensated by the Canadian company but Canadian purchasers are out of luck. The smart phone app collected data from the vibrator and from the phone user then sent the info to Ottawa based Standard Innovation. The company knew who was using it when, along with settings and temperature. It was supposed to help product development but the company still worked to keep the data collection secret.

http://www.wired.co.uk/article/we-vibe-sex-toy-surveillance

 

[Warl0ck]

So I went over and logged into Shodan.io and scanned to see if there was anything on a "we-vibe" search. And sure enough there was.

I guess the greatest irony of all this is that the Internet was designed to withstand a nuclear war. In 2017, it can be brought down because a bunch of sex toys launch an IoT Denial of Service.

 

[treveller]

How would a Denial of Service attack work with IoT connected vibrators??? It boggles the mind!!!!

 

[Warl0ck]

A massive Mirai IoT DDOS has already happened. It took down most of the internet in the United States.

It works like this. All these devices which connect to the internet have default passwords or piss poor security. And the users don't change them. The result is these devices are all connected to the internet so malware scans networks and then executes the DDoS. So yes it is ENTIRELY possible you're wife vibrator is actually attacking a website. It sounds funny as fuck (because it is) but it's also a serious security issue. The hacker no longer has to socially engineer the user or hack their computer. He just attacks their toaster.

I don't mind. It's good business for me. I do get a headache just thinking about it though.

 

[escapefromstress]

Didn't they find out that some Chinese appliances were designed so the password couldn't be changed after the owner bought them? So all the hacker needs is the manufacturer's info. Every smart device should come with a big warning to immediately change the password.

 

[jgg]

Can they tell which orifice it is in? And if there is any DATY going on as well?

Just kidding....or maybe they can?

 

[escapefromstress]

Can they tell which orifice it is in? And if there is any DATY going on as well?

Just kidding....or maybe they can?

Not quite.

customers weren’t aware that the app had been specifically designed to "collect and record highly intimate and sensitive data" regarding the usage of We-Vibe products. This data included the date and time of each use, details of vibration settings, temperature and battery life - all of which was linked to users’ personal email addresses within the company servers in Canada.

 

[Warl0ck]

They often do, but nobody reads that fineprint, they just plug-and-go. Most retail bought routers have default Admin passwords that nobody ever changes and are easy to guess (or lookup). Same for default IP addresses...

BD

Sign up and learn to use Shodan. You can scan for routers with default passwords, etc. I use it extensively to test clients #infosec. It's a search engine for the internet of things. The whole industry is a cluster fuck and most days by lunch I feel like retiring to Gambier Island and cooking for a living. I have a sex toy but I've yet to configure it on my smart phone but maybe I will tonight. Then I can go on Chaturbate and you can all donate tokens to me and make the device vibrate in my ass !. #GettingPaid

 

[Damaged]

They often do, but nobody reads that fineprint, they just plug-and-go. Most retail bought routers have default Admin passwords that nobody ever changes and are easy to guess (or lookup). Same for default IP addresses...

BD

Most retail/home routers do not have WAN access enabled by default so although the default password is present you would have to be on their internal LAN to gain access.

 

[Warl0ck]

Most retail/home routers do not have WAN access enabled by default so although the default password is present you would have to be on their internal LAN to gain access.

No, but a substantial number of routers:

1. Do not have firmware updated and therefore can easily be compromised with simple exploits
2. Often use the default passwords to log into the device. The user sets the complex password on the SSID
3. Users leave the default settings and WAN access is part of that.

Home routers = swiss cheese. A rookie hacker can take one down.