In the past, I’ve written about some rather unusual technological trends we can expect in the near future. One in particular should be very much anticipated, but sometimes too personal to talk about. I’m discussing sex with machines.
But compared to what I’ve been reading on the progressively sanctioned twitter and Facebook platforms, frankly, people “marrying” their sexbots by 2050 or sooner actually wouldn’t surprise me. More’s the pity.
However, yesterday, I came across an article on LinkedIn titled Smart sex toys come with Bluetooth and remote hijacking weaknesses.
Now depending on how you swing, if you use sex toys, and the level of sophistication of the models you employ, this could not only be an embarrassment but a danger.
Apparently various sex toys are both bluetooth and internet capable. Imagine your sex toy being able to connect wirelessly to the web. The possibilities are endless.
But why would it need to if it’s just you and it?
First of all, in the age of COVID, meeting new people and becoming intimate has become more difficult. Even if you have a current lover, if you aren’t co-habituating, you could never be sure one or the other of you hasn’t been exposed to the virus. How can you engage in intimate activity and take the chance of becoming infected?
Well, there are a few ways. according to the article:
Firstly, the connectivity between a smartphone user and the device itself is established over Bluetooth Low Energy (BLE), with the user running the smart toy’s app.
Secondly, the communication between a remotely located sexual partner and the app controlling the device is established over the internet.
To bridge the gap between one’s distant lover and the sex toy user, smart sex toys, like any other IoT device, use servers with API endpoints handling the requests.
“In some cases, this cloud service also acts as an intermediary between partners using features like chat, videoconferencing and file transfers, or even giving remote control of their devices to a partner,” explained Bilić and Pastorino in a report.
While a couple being able to remotely connect to a sex toy one partner is using and the other partner is controlling may sound interesting and maybe even enhancing, as you can see, it has drawbacks. Any item that can connect to your phone via bluetooth can be accessed through the phone over the internet. That information is not only shared (and stored) on intermediary servers, but can be hacked in the same way any internet-connected computing device can be accessed.
In examples provided by the researchers, technologies like Bluetooth and inadequately secured remote APIs make these IoT personal devices vulnerable to attacks that go beyond just compromising user privacy.
But, the researchers state that the information processed by sex toys consists of highly sensitive data such as names, sexual orientation, gender, a list of sexual partners, private photos and videos, among other pieces, which, if leaked can adversely compromise a user’s privacy.
This is especially true if sextortion scammers get creative after getting their hands on such private information.
But there’s more.
More importantly, though, the researchers express concern over these IoT devices being compromised and weaponized by the attackers for malicious actions, or to physically harm the user.
This can, for example, happen if the sex toy gets overheated.
“And finally, what are the consequences of someone being able to take control of a sexual device without consent, while it is being used, and send different commands to the device?”
“Is an attack on a sexual device sexual abuse and could it even lead to a sexual assault charge?” Bilić and Pastorino further stress.
Yikes! “Weaponized” sex toys?
Using the BtleJuice framework, and two BLE dongles, the researchers were able to demonstrate how a Man-in-the-Middle (MitM) attacker could take control of the devices and capture the packets.
The attacker can then re-broadcast these packets after tampering with them to change settings like vibration mode, intensity, and even inject their other commands.
Likewise, the API endpoints used to connect a remote lover (sexual partner) to the user make use of a token which wasn’t awfully hard to brute-force.
This architecture of the API endpoints makes it possible for users to remotely control the devices by simply entering these URLs into web browsers.
Now imagine the next generation of sex toys that employ AI and even come in the form of dolls that simulate human interactions.
While the Internet of things (IoT) may be ubiquitous in our world, and include connectivity for home devices from thermostats to refrigerators to automobiles, all of that comes with a danger. Add something as personal and intimate as sex, and you are not only risking a great deal of embarrassment but potentially personal injury as well.
COVID and the government ordered lockdowns have isolated millions upon millions of people. Human intimacy in all its forms is part of our very nature, and the lockdowns have denied that to people. In the past year, the purchase and use of sex toys as soared, which means the risk to those people has risen by the same astronomical rate.
I don’t know if anyone’s written a dystopia-based science fiction story in this direction, but as we’ve seen time and time again, science fiction has a nasty habit of becoming fact.