Valentine’s Day is just around the corner. Some might be considering the purchase of a special kind of pleasure-giving device for their partner as a gift. But they might want to rethink those plans: the quality of cybersecurity in newfangled, connected sex toys has been unsurprisingly shocking in recent years. And it doesn’t look to be getting much better, if research released by Austrian company SEC Consult on Thursday is anything to go by.
Probing Vibratissimo’s ‘Panty Buster’ sex toy for women, the researchers found the device and associated websites had multiple vulnerabilities. By far the most severe issue (and one that was thankfully immediately addressed by Vibratissimo’s owner, Amor Gummiwaren) allowed anyone to obtain a database of all customer information by simply grabbing a username and password from an open file on the vibratissimo.com website. And it was possible to grab passwords for the sex toy owner accounts, as they were left open in plain text. From there, a hacker could look at sensitive data, including explicit images, sexual orientation and home addresses, according an SEC blog post.