Earlier this week, Pentest Partners revealed problems that affect several Bluetooth LE devices. Their security demonstration focused on the Hush, a new Bluetooth-connected butt-plug, but extends to many other, similar devices. Much to customers’ dismay, it turns out that the Hush isn’t as quiet over the air as most would prefer it to be.
Bluetooth Sex Toys Are Too Visible, Not Secure
Using a $25 USD Bluetooth LE dev board, the writers were able to activate and interact with the high-tech adult toy, without authentication from the owner’s device or use of the included smartphone application.
The Hush, and many other next-gen dildos, can’t authenticate properly on Bluetooth, because there’s no way to enter or confirm a PIN native to the device.
In addition, the newer Bluetooth 4.20 spec loosens the rules for “slave device” pairing, meaning that, without authentication, your devices are open to attack. Anyone who knows how a device broadcasts itself and has a way to replay commands to it can trivially access, track, and hijack any toy found in range.
The author also noted that these security holes apply to other wearable tech, including medical devices:
“These are my Dad’s hearing aids, I managed to find them broadcasting whilst we were having lunch one day. They have BLE in them to allow you to play back music, but also control and adjust their settings (like if you’re in a noisy restaurant or a concert hall). These things cost £3500 GBP and need to be programmed by an audiologist so not only could an attacker damage or deprive someone of their hearing, but it’s going to cost them to get it fixed.”
Making Wireless Dildos More Secure
The nature of the Hush and other, similar devices makes implementing BLE security both difficult and imperative to their user experience. Without better obfuscation and security practices, these devices can become vibrating rubber beacons for high-tech pranksters, or tracking devices instead of discreet adult entertainment.
The original report’s author prescribes several potential solutions, including random default device PINs, lower signal ranges, and physical “pair buttons”.
However, there are several problems that are less trivial to fix, including targeted tracking and device promiscuity. In their current state, the devices are not as private or discreet as they most likely need to be. If they’re something that interests you, it may pay to let the early adopters work out the kinks.
Are there disadvantages to a butt-plug that broadcasts your location? Let’s hear your thoughts.
images courtesy Pentest Partners