The internet has permeated all aspects of our lives. Many manufacturers are adding internet connectivity without understanding or considering the implications of doing so. The latest generation of internet connected sex toys are no different.
Unfortunatly, adult products tend to have certain complications and a lot of researchers and companies are loath to deal with them. This is not fair to the consumers who use these products.
The project goals are simple; People should be able to enjoy their sex toys however they want, without worrying about security, privacy or safety. In an ideal world, you could trust manufacturers to have the security, privacy, and safety of their customers as their top priority. However, as with many Internet of Things vendors, they either don't know, don't understand or just don't care about these issues. This project hopes to change that. By working with the vendors who want to understand how to secure their devices we can bridge the gap in information security world and the adult intimate device industry.
As security researchers, we want to work with manufacturers to ensure that their devices are as secure and private as one would expect such devices to be. This needs to be done with respect and dignity for the users and everyone involved, and not engage in juvenile or other negativity.
We make no judgements about the users or uses of these devices. We are equal opportunity in our research, meaning we look at toys intended for all genders as well as related devices like Kegel trainers due to their intimate use and ability to send data to the internet.
We are not about saying one vendors devices are more secure than another. We may laud positive accomplishments and active participation by vendors to increase security, but none should be taken as an explicit recommendation of one over another.
Similarly, just because several vulnerabilities have been found and Dong Vulnerability Exposure Reports created, it does not mean that a vendor is insecure. Quite the opposite. It means they are adhering to their commitments to security and are dealing with reported problems quickly to ensure the best security and privacy possible. No assumptions should be made about any vendors or devices that are not listed. We may just not have gotten our hands on a sample device yet, or examined it yet in depth. Likewise, a reporting channel established and we are working to establish one to report any problems we've found.