Remote-controlled sex toys ‘vulnerable to attack by malicious third parties’

Remote-controlled sex toys with Bluetooth connectivity could be vulnerable to attack or interception by malicious third parties, according to research commissioned by the Department for Science, Innovation and Technology.

They allow a device to be used in one location while being controlled by someone in another location.

The combination of sex toys and technologies have multiple vulnerabilities, which demonstrate “clear capacity to inflict physical and psychological harm on to unknowing consumers”, the research says.

Vulnerabilities include the Bluetooth connectivity that links the device with a companion app, it adds.

The research says: “Sex toys or ‘sexnologies’, the combination of sex and technologies, have multiple vulnerabilities and attack surfaces, demonstrating clear capacity to inflict physical and psychological harm on to unknowing consumers.

“Key technical vulnerabilities include their BLE (Bluetooth low energy) connectivity that links a companion app with the smart device.

“Often these connections are not encrypted, thereby rendering them more vulnerable to attack and/or interceptions from malicious third parties.”

Harm could be caused as the disclosure of sensitive personal information such as names, sexual or gender orientation, lists of sexual partners, information about device usage, or intimate photos and video, could be accessible via the apps that control the devices, the research says.

Cyberattacks could also cause physical harm, such as overheating the device, it adds.

Future concerns revolve around virtual reality (VR) and artificial intelligence (AI) powered sex robots, according to the research.

It says: “Future concerns about sexnology increasingly revolve around the capabilities of VR and AI powered sex robots that come with cameras, microphones, and AI voice analysis, all of which will need to be safeguarded against both physical and potential psychological harms.”

Connected sex toys, femtech, different apps, devices and sensors that aim to improve women’s health, and smart children’s toys, are among devices that are “under-regulated and thus under-secured” and “collect exceptionally sensitive data and therefore pose a high risk of harm to users, including psychological harm”, the research adds.

Vulnerabilities of smart children’s toys include device pairing with no authentication, which means anyone within radius with a Bluetooth device could pair with a toy to operate a microphone or camera, it says.

A spokesperson for the Department for Science, Innovation and Technology said: “The UK already has one of the most robust product security regimes in the world and research can help us identify new areas of vulnerability as technology develops and target policy work.

“We are committed to continue to bolster cyber defences to protect British people, which is why, later in the year we will be introducing the Cyber Security and Resilience Bill.”