Monday, May 30, 2016

Cyber attacks on... *** toys???!

For those of you in the USA, enjoy Memorial Day and remember the veterans who are no longer with us because they died securing your freedoms.  For those of you everywhere else, happy Monday! Enjoy your work.

I read an article this morning that boggled my mind.  If you read the blog regularly, you know that I am a big believer in IoT security and the need to audit the devices that are perhaps otherwise slipping through the cracks.  Today, I learned that the Internet of Things already has far more types of "things" connected to it than I previously realized.

This article mentions that Trend Micro experts went on record to say that cyber attackers might target Internet connected sex toys.  Now before anyone goes and attacks Trend Micro for such a ridiculous statement, they do offer a more plausible attack idea.  Also, know that the press can and does misquote you frequently to get the best story.  I then have to wonder, was Raimund Genes misquoted when he said in response to the hacking question "But if I can get to the back end..."  If not, well done sir. That's an epic troll.

But maybe the better question is why are there network connected sex toys in the first place?  I did a quick search on Google and discovered that there's a whole niche market I never knew about for wifi and bluetooth enabled sex toys, primarily marketed to long distance lovers.

There's more than one manufacturer of wifi enabled sex toys, oh my

Okay, so has anyone evaluated these devices and applications for security?  Dare I say has anyone done a penetration test on the sex toys?  Okay, I'll report directly to terrible pun jail - that was simply too much...

But this is an interesting facet of the broader IoT conversation.  I suspect few will care if their coffee drinking habits are revealed if their wifi coffee maker is hacked.  But I'm betting that if someone hacks your sex toy and posts your usage patterns to the web, that would be downright embarrassing. Another vector attackers might use would be denial of "service" (sorry for another terrible pun) - possibly leading to the world's first DDoS - dildo denial of service (okay I'll stop now).

There's a philosophical point here - are our lives really made better each time we connect another part of them to the Internet?  I would argue they are not.  Despite my highest hopes, my Egg Minder hasn't changed my life for the better.  What about the "smart" piggy bank I bought my daughter? I'm not sure that's really helped either.

Finally, there's probably a DFIR angle here too.  I suspect that forensics on the applications controlling these devices (or perhaps even the devices themselves) can be very lucrative in certain cases (though I admit those cases are probably few and far between).  I haven't examined any of these applications for residual data, but I'll bet there's something there.

*Note: The views on this blog are mine and mine alone. They don't reflect the views of any organizations with which I may be affiliated, my mom, my priest, or my dog.  If you are mad at me for something I say here, my advice is stop reading my blog.  But if you insist that your voice be heard, address it with me here. I have comments enabled for precisely that reason.


  1. You missed one. "...the devices that are perhaps otherwise slipping through the cracks".

  2. Been using Kaspersky anti virus for a few years now, I would recommend this product to all you.

