BLE Security

It has been an interesting week.

I’ve been working at PTP for a few months now, and one of my first pieces of research has been on IoT, er, “intimate wearables”. Well, you can read it, including the snappy vulnerability name we came up with (all the best do): https://www.pentestpartners.com/security-blog/screwdriving-locating-and-exploiting-smart-adult-toys/

After that it’s been picked up by a fair few outlets, including:

There was also a lively Twitter discussion started by my friend Ben Goldacre, which ended up involving an MP:

Which resulted in this article in The Guardian: https://www.theguardian.com/commentisfree/2017/oct/06/drive-by-sex-toy-hacking-wake-up-call-britain-internet-security-vibrators

Which I think neatly brings us back round to why I/we did the research in the first place. Yes, the headline is catchy, but the point is to highlight that although BLE is described as “short” range (in practice anything up to several hundred metres, which is not what most people would think of as short), it often has shockingly implemented security that can lead to real-world physical harm.

Many commenters pointed out that unsolicited activation of, er, the “intimate wearables” might be a feature and not a bug. I’d agree, if you knew that’s what you were getting into – consent is sexy!

We’re doing some more work on the range soon, as well as some additional vulnerability disclosures on these products – watch out for those.

Update: do you use the Lovense “Body Chat” app to, er, chat? Your messages and other info are probably not as secure as you think they are.

Update 2: I did an interview with Claire Lampen for Gizmodo, exploring the legal aspects of this too: https://gizmodo.com/if-your-vibrator-is-hacked-is-it-a-sex-crime-1820007951