Valentine’s Day is coming, and so might you. Make sure to do it safely.
Because internet connected devices tend to log and store data about their users and usage, we recommend you select vendors which have clear data privacy protections in place to show they are thinking about data security. It’s a bonus if they have retention policies and/or make it clear how to request a full removal of your data. It is even better if they have a vulnerability disclosure program!
Check the permissions the application asks for and uses when you install it.
When signing up for an account (if required) pick a pseudonym, and create a new (free) email with that new name. Then register your new device using that fake name and matching email with a strong randomly generated password you are not reusing.
If you desire to be extra cautious, use a separate (older, wiped) device and/or a VPN for the software needed to connect to and control the device.
If you are not comfortable with these risks, there are some very good manually operated devices on the market that will serve your needs.
Valentine's Day is coming, which may mean you are considering purchasing a remote controlled / internet connected toy.
Wonderful! There are many great reasons to own an internet connected toy for personal use such as long distance relationships, thrills while out and about, (relatively safe) anonymous adventures, and many more. (If you are wanting one for professional use, check out this blog instead: https://internetofdon.gs/considering-becoming-an-adult-model-or-performer/)
We certainly don’t want to scare you off of these products. They are an amazing thing that can open up a lot of pleasurable possibilities and can be beneficial to your relationships and happiness. As information security professionals however, we can’t help but see the unique risks that exist in this space and hope that a little education and advocacy can make sure everyone enjoys them and only accepts the risks they are comfortable with.
Here at the Internet of Dongs we want to offer advice that is specific to internet connected remote controllable devices.
This article does not cover the safety of near-distance remote controlled devices, how body safe the material the toy is made of is, or other topics. We are also not the best place to get recommendations based on your personal preferences. For that we recommend your local adult toy shop, who can make much more informed recommendations.
Risks? Why is risk advice needed?
Great question. Compared to something like an internet connected teapot (or any other IoT device), there is really not any significant difference in risks when purchasing and using an internet connected sex toy. At least on a technical level.
However, people (as a group) tend to react with a lot of interesting emotions when anything connected (pun intended) to sex is involved. Adult toys are associated with a very intimate part of our lives as well as being generally used in very sensitive areas. Since they are connected, some measure of data about their use is generated just by their very nature of being connected and communicating externally. Every connected gadget, app, computer, etc that we use generates data in some form or another. What that data represents and how it can be used is where the risks are.
You may not be concerned about your IoT teapot vendor being hacked and people knowing that you own an IoT teapot, and how often you use it and whom you make tea for. But on the other hand, if the fact you own a particular adult toy is leaked along with how often you use it, and with whom, you may be embarrassed, or worse, be at great personal risk. The amount of risk you’re comfortable with is up to you.
What are the risks of internet connected toys?
Here are a few of the major risks:
- Vendor compromise: The most probable risk, as well as the one that impacts the most people, is that the vendor is hacked resulting in the data stored by the vendor being accessed or leaked (how often do we hear about unsecured S3 buckets of customer data being found!). This is usually an en masse leak due to a vulnerability or configuration problem where all customers are affected rather than a specific one.
- Device hijacks: As these are connected devices, it is possible someone could hack the vendor's platform, resulting in a remote hack of the physical device itself (see cock cage ransomware). This is where an attacker finds a way to iterate through device IDs or uses other methods that abuse an unintended ability of the platform to indiscriminately affect or control devices remotely. Again, this is usually en masse and not specifically targeted, however it could be, depending on the attacker and their motivations.
- Account hijacks: A less probable risk is your specific account or data being breached. This may be via the device you use (phone or computer) being compromised or your reuse of a password on the toy vendor’s app. This can lead to a loss of the data and/or someone else being able to remotely take control of the physical device. This situation is usually where one account is compromised, not all of them.
- Physical proximity attacks: The least probable risk is that someone hacks the device itself directly. (This is mentioned for completeness and is not a major concern of this article.) Most devices are based on Bluetooth, and in a bench test (ideal lab conditions) this can be done at 30 ft. In the real world, it’s actually like 10 ft (we have tested this). If this is a concern for you, you can mitigate it by not wearing it in public. Personally it does not prevent me from doing so, but your comfort level may be different.
Why is my data a risk?
Internet connected toys may generate and transmit information about you, your usage, and even your location as part of their operation. This can occur both when you sign up for an account, as well as when you are using the device.
There is usually no malicious intent with the creation, transmission, collection and storage of this data by the vendor. Most normal IoT or SaaS (software as a service) systems will generate data when you log in to the app or account. Data about usage patterns, favorite features, etc., is created and is commonly collected to improve all software and smart products. Most products nowadays do this (it is usually mentioned in those license agreements we all ignore) and it is not necessarily a bad thing. There may also be run of the mill technical logs about these remote control sessions that the vendor uses to diagnose problems or streamline services.
At its very basic level, this information exists because some action occurred. It's almost like physics in that for every action, there is a reaction. What is done with it, what it means, and how it is used is where the risks come in and where decisions by you, the user, need to be made.
This sort of thing is routine data that most people don’t think about, and generally shouldn’t worry about. However, this information is now in a place that you do not control, held by a third party who may have their own interests in it which differ from your own. As we mentioned above, this information, because it is related to sex, tends to come with extra feelings and concerns. You are trusting the vendor to be sure this information cannot be hacked or leaked and will be treated carefully.
These device companies, whether they realize it or not, are now software companies. They are responsible for the security of customer data and for updates and patches and general maintenance of the systems that power the connectivity of their products. Unfortunately, some have not realized this quite yet and are making serious mistakes by adding features or collecting data without realizing the danger of what they are collecting and not using, transmitting or storing it properly.
For example, during account creation they may request the name, email and/or phone number of the person who is signing up. This is pretty routine for most apps and we all hand that over without a second thought because there is a reason. While you are using the app to control the device, the company would also know the same information about anyone you permitted to control the device or who invited you to control their device. This is necessary for technical reasons and again, it has a reason. During use the device app may share location information, what settings are used, how long it was in use, etc., as well as any communication between the users (text, audio, video) if that’s a feature. All of this flows from your device and its app to the company's servers in order to allow this remote control capability.
So from this, we know who you are, your contact information, when and where and with whom you are using the device, as well as the contents of your communication between each other. We may also make some educated guesses about you based on the patterns you seem to favor, frequency of use, the type of device you are using, as well as your sexual orientation based on who you interact with. In the context of something sex related, many people may suddenly feel uncomfortable with this, despite the fact that there are other apps, devices and services that have the same information but users don’t blink an eye at this fact.
This is information that is created merely by the actions taken by you. The vendor may not have any malicious desires or even intend to store or use this information. It’s merely passing through their system and they may not capture it or keep it at all. However, they may, and that’s the concern. Many companies in general have a habit of collecting everything they can because it might be useful later (Marketing departments are terrible for this). They may also not be actively thinking about this and while they never “put the pieces together” and build a coherent dossier on each individual user or anything, they do leave the various bits of information lying around in logs and databases for an attacker (or marketing department) to sweep together at a later time.
How would you feel if this information leaked? Would it be career limiting? Could you be blackmailed? Would it cause issues with your family? Or are you ok with that information being out there (if the company were to be hacked)? Would this enable someone to stalk you (location/GPS access)? Would this out you as having a non-monogamous relationship? A same sex relationship? Etc.
Fortunately (and thanks to the efforts of the Internet of Dongs project), most vendors are aware they are now software companies with responsibilities and have taken major steps to limit the risks. These include following security best practices to keep systems secure and ensuring all data is encrypted in transport to keep it away from prying eyes. They can also limit the data they retain by actively ensuring they don’t retain data from users beyond the basics, so there is nothing for an attacker to steal in the first place.
Remember it's up to you to decide what types and level of risk you are comfortable with, but we hope to help you consider the risks and make better informed decisions.
What can you do?
Before buying the toy
- Does the vendor have clear instructions for you to request data removal (like for GDPR or CCPA)?
- Does the vendor have a vulnerability disclosure program and/or partner like a bug bounty program?
- Do they mention how they secure their systems and what steps they take to limit data retention (not just saying “trust us, it’s secure”)?
- Have they responded (in a reasonable way) to vulnerabilities in the past? (Believe it or not, responding is good! It shows they are open about issues and not covering them up.)
- Is it clear where the company is located, and their contact information is clearly available? This also indicates any privacy regimes (GDPR, etc) that they may have to adhere to.
- Do they acknowledge that they have a responsibility to the user to protect your information and are at least trying to do the right thing? Sometimes silence speaks volumes.
After buying the toy
- Consider what data to enter. Remember you can lie and not use your real name.
- Set up a strong password. Maybe use a password manager.
- Make up a new email address! Gmail accounts are free.
- Update and patch! Both the toy itself and the device(s) you use to connect to or control your new toy. Don’t ignore those update notifications!
Consider what data to share
Consider what name, email and phone number you are going to provide when requested. In order to ensure your privacy, safety and security as much as is reasonable, you could create a new (free) email address and phone number with a pseudonym for this device or for all of your adult toys. This way, if there is a compromise, there won’t be anything linking you to the data that may be disclosed. Your name and existing email are actually a pretty good fingerprint to identify you, especially if potentially combined with your location. Many compromises of adult services in the past have shown a large number of work and even government email addresses used by people to sign up. If you have an address solely for this purpose, then no one is the wiser should it be disclosed.
Consider a second phone and/or a second phone number so any fingerprinting of the device does not link back to your regularly used and identifiable device. Many apps do not require a phone number, so an old phone or tablet can be used over wifi easily and kept in use just with these devices.
Unique and strong passwords
You most likely will need to make an account to manage your new device. It is a recommended practice for all things, not just IoD devices, when signing up for an account to use a strong and unique password. Password managers are wonderful things; they can both generate a strong password as well as remember it so you don’t have to! This limits the risk of your reused password being used to access your account if it has been or will be in a breach.
Most apps on iPhone and Android will ask you for permission to do certain things. A photography app needing to access the camera is an obvious need. That free solitaire game needing permission to access your contacts and send text messages is not so obvious. In an ideal world, and many IoT vendors are starting to do this, they will explain why they need a certain permission before the app asks for it. If it seems reasonable, it’s probably safe.
One note about permissions. Older versions of Android (Android 6 to around 10) required the location services permission to be granted in order to allow Bluetooth connections. This was because Bluetooth could, in some circumstances, be used to determine your location, like in some office buildings, but it had nothing to do with being able to connect to Bluetooth devices. It was a poor choice on Android's part because it meant that many IoD apps would ask for the location permission and users would be understandably freaked out about why they needed that and what they were doing. Most of the time, the app never checked for the user's location, but it had permission to if the developers wanted to. Today there is a “Bluetooth admin” permission that lets the app connect to devices without requiring the location permission. However, if the company hasn’t updated the app in a long time, or is still doing Bluetooth connections the old way for reasons of backwards compatibility, it could still come up. If it does, use your discretion and maybe ask the company what’s up with that and see if they get the message that it should be updated.
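One way to run the permission check described above against an app's decoded AndroidManifest.xml (an added example, not code from the Internet of Dongs project or any vendor). The two manifests are constructed samples, `audit_manifest` and its finding codes are hypothetical names, and the permission and attribute names are Android's own; it also looks at the `BLUETOOTH_SCAN` / `BLUETOOTH_CONNECT` permissions from Android 12 onward, which goes a little beyond the text.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
P = "android.permission."
LOCATION = {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION",
            P + "ACCESS_BACKGROUND_LOCATION"}
LEGACY_BT = {P + "BLUETOOTH", P + "BLUETOOTH_ADMIN"}
MODERN_BT = {P + "BLUETOOTH_SCAN", P + "BLUETOOTH_CONNECT"}  # Android 12 (API 31)+

# Constructed sample: an app still doing Bluetooth "the old way".
OLD_STYLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.BLUETOOTH"/>
  <uses-permission android:name="android.permission.BLUETOOTH_ADMIN"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>"""

# Constructed sample: location is requested only on older Android releases.
UPDATED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.BLUETOOTH" android:maxSdkVersion="30"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" android:maxSdkVersion="30"/>
  <uses-permission android:name="android.permission.BLUETOOTH_SCAN"
                   android:usesPermissionFlags="neverForLocation"/>
  <uses-permission android:name="android.permission.BLUETOOTH_CONNECT"/>
</manifest>"""

def audit_manifest(xml_text):
    """Return {finding_code: explanation} for a decoded AndroidManifest.xml."""
    perms = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            perms[el.get(A + "name")] = el
    findings = {}
    if perms.keys() & LEGACY_BT and not perms.keys() & MODERN_BT:
        findings["LEGACY_BLUETOOTH_ONLY"] = (
            "only the old Bluetooth permissions are declared; "
            "the app may not have been updated for a long time")
    for name in sorted(perms.keys() & LOCATION):
        cap = perms[name].get(A + "maxSdkVersion")
        if cap is None:
            findings["LOCATION_UNBOUNDED"] = (
                name + " is requested on every Android version; ask the vendor why")
        else:
            findings["LOCATION_LEGACY_ONLY"] = (
                name + " is requested only up to API " + cap
                + ", consistent with the old Bluetooth requirement")
    scan = perms.get(P + "BLUETOOTH_SCAN")
    if scan is not None and "neverForLocation" not in (
            scan.get(A + "usesPermissionFlags") or ""):
        findings["SCAN_MAY_DERIVE_LOCATION"] = (
            "BLUETOOTH_SCAN lacks the neverForLocation flag, "
            "so scan results may be used to derive location")
    return findings

if __name__ == "__main__":
    for label, doc in (("old-style app", OLD_STYLE), ("updated app", UPDATED)):
        print(label)
        for code, why in audit_manifest(doc).items():
            print("  " + code + ": " + why)
```

The input is the text form of the manifest, as produced by an APK decoding tool; the binary manifest inside an APK cannot be parsed this way.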
If location is a concern, add a VPN
This may not be compatible with all devices, your planned usage of the device, or your skill level, but consider installing a Virtual Private Network (VPN). VPN software encrypts your internet traffic from your device and sends it to another location before joining the general internet so it can't be snooped on (easily) by others in your location or along the way. You can also use a VPN to appear as if you are coming from a location that you are not currently in (to help hide your identity further).
VPNs are great if you are on a shared wifi, like at a hotel, to avoid others snooping your traffic. I personally use PureVPN but almost any security reviewed VPN will do. They can also confuse or override any location data that may be disclosed because the location your connection joins the internet is far from where your phone or tablet are reporting it to be.
Why isn’t this easier?
Today there is no central industry regulation, framework, or standard around internet connected devices (sex toys or other). So unfortunately for now you have to individually check each vendor. We try to keep an eye on them as best we can, but there are many and time is limited. We also have no authority other than publicizing problems we see.
Some countries have taken steps to issue guidance or standards, but as of yet there is not one simple label one can look for on a device to be assured that data and software security were at least considered in its manufacture.
We have personally noticed many kickstarters and start-ups as well as vendors of particularly inexpensive devices (often knock offs) that are made by those who do not take into consideration the risks and security of their devices. Sometimes it’s because they just aren’t aware or haven’t thought about it, or simply don’t care because they don’t make any money on the product after the physical device is sold, so why spend money to update it? Often, a new company will have an idea and go to a manufacturing company to build their design. Often they are pressured into making less secure or less ideal choices by suppliers who want to re-use existing hardware and software that they can simply re-brand, which is far cheaper than starting from scratch and doing it right. This results in many toys not having great security or attention to privacy and safety. The vendor may not have much ability to secure the device if they are informed of concerns or vulnerabilities because they never thought to specify that there had to be a way to do so.
It’s very much a “you get what you pay for” situation. If you are finding a toy from a company that no one has heard of, that only sells on Amazon, AliExpress or other such sites, and it’s ⅓ the cost of the big name brands, they likely had to cut corners somewhere, and often that is in the security and privacy areas (maybe safety too!). It’s not a bad idea to spend the money to go with a major brand name rather than something unknown.
Please note this is in no way comprehensive, but we hope it helps you consider your purchase and reduce your risk to a level you are comfortable with. These are the same considerations you should take into account when purchasing any internet connected device, but as we said, people tend to have very different reactions and feelings around sex and sex related data.
Just remember that if all this seems too much to sort through, or a connected device is too risky, there are a huge number of old school, manually operated sex toys out there that will get the job done. While there may not be the same level of control or some of the thrill associated with the latest and greatest toys, the old ways worked for a very long time and luckily will continue to do so.
This post will be updated periodically as new recommendations are added.