This story is part of , our full coverage of the showroom floor and the best new technological devices.
Sex tech took over CES in Las Vegas last week, with vibrators, Kegel trainers and even a Band-Aid patch to prevent premature ejaculation on display.
Almost all of these devices connect to applications, and many collect data. But what happens when sexual technology or the applications that drive them are hacked?
This year, more than 20 billion connected devices will be installed worldwide, including sexual technology products with applications that monitor orgasms, save vibration patterns or allow you to connect with your long-distance partner's pleasure device. Since most operate through a Bluetooth connection and with an application, violations are possible and even probable.
The good news: some providers established in the sexual technology space are taking security seriously, or at least trying. There are consequences of inaction. A high profile lawsuit in 2016 accused the sex technology company We-Vibe of transmitting user preferences, usage data and email addresses to its servers without consent. The company resolved the case for $ 3.75 million in 2017.
Security is the most important thing for companies that have seen the impact of lawsuits or violations, said Nicole Schwartz, an Internet researcher at Dongs, who links security professionals with sexual technology vendors to find vulnerabilities in the devices. But in general terms, when it comes to security, sexual technology products are "all over the map," he added.
Sexual technology tends to fall into three categories, Schwartz said: products of established players with experience in technology; products conceptualized by a person who then exports the design and manufacturing to a third party; and innovative products launched to the market quickly to obtain fast cash.
"Two out of three of these companies are not security conscious," said Schwartz. "The ones you are going to see at CES are obviously a bit more technological, so you are seeing a particularly skewed market section."
In 2016, security consultant Brad Haines wanted to learn more about IoT security, but discovered that most areas (such as connected kitchen appliances) had already been well researched. Meanwhile, the sex technology industry was beginning to grow, but no one in the security community had given these products a serious and professional security aspect. That year, Haines founded Dongs Internet.
"At first it was quite scary, how bad it was," Haines said. "This was an industry that never had to deal with connectivity before. There is no one around to say, & # 39; That doesn't seem like a good idea & # 39;".
The project discovered some heinous problems. With one application, a single API query gave you access to the entire user base. He was able to hack another product, a webcam connected to a ring that is worn around the penis, in 20 minutes.
The safety concerns of sexual technology are less about someone hacking the device itself, generally, it would have to be less than 10 feet from the device to do so, Schwartz said. The biggest problem is the application on your phone. That's where commitments are most likely to occur and where users have more control, he added.
Leona, a vibrator that is combined with an application, meets Mozilla's minimum safety standards. The device has biofeedback sensors that measure pelvic floor movement and vaginal wall contractions, which indicate arousal. Seeing that data in the application helps women understand which conditions are more pleasant, said Anna Lee, co-founder and vice president of engineering, at CES.
The application requires that you create a profile with an email address, but the rest can be anonymous. The company collects anonymous data, Lee said.
Lioness also has a privacy page on its website that breaks down its policies in easy to understand terms.
"At the end of the day, vibrators are an intimate product," said Lee. "It's absolutely important how to secure that data for people and make sure we don't have IoT devices that filter that data and privacy."
Other companies at the fair also emphasized the safety of their products. Clitoris vibrator and stimulator manufacturer Satisfyer has launched an application that you can use anonymously, with no data stored or collected, said a company representative.
OhMiBod, a company owned by a husband and wife selling Kegel exercisers, vibrators and other devices, showed a new Bluetooth-enabled vibrator for long-distance partners. The company does not collect data other than those necessary to create an account, said co-founder Brian Dunham. While users can store information such as vibration patterns or Kegel exercises directly in the application, "if you lose your device, you lose that data and history," Dunham said. "But we believe it is a small price to pay for additional security."
Waiting for stronger security measures
More lawsuits have caused some companies to pause before connecting sexual technology devices. Hong Kong-based Hytto, which manufactures products under the name of Lovense, faced a class action lawsuit in 2019. The plaintiff alleged that the company secretly stored and monitored the personal data of its Lush vibrator users, including the Time and date of use. – without your consent.
"We don't sell our users' data, and we only use it for customer service issues, and we delete those records regularly," said Gerard Escaler, Lovense's marketing director at CES. "The specific concern was that there was something cached on the user's phone, which was addressed by an update we made."
MysteryVibe connected vibrators allow you to store vibration patterns and settings in an application. But if the application is deleted, all that information will disappear.
"We have no profiles, because we firmly believe that nothing is unwavering," Soum Rakshit, CEO and co-founder of MysteryVibe said at CES. The company has not yet launched a long distance user role, because it wants to ensure that security is strict enough, he added.
"Many people spend months debating the color of a product," Rakshit said. "If we can give security the same level of importance in design, then we won't have to worry later. The biggest selling point is that it saves you time and money if you do it at the beginning."
Notably,Osé, a robotic sexual device designed to give women simultaneous clitoral orgasms and the G-spot that won a CES innovation award 2019, is not yet connected to anything.
"Eventually, we want it to be connected to Bluetooth and the app, but we are hoping to make sure it's safe," said Mazie Houchens, an engineering technician at Lora DiCarlo. "Because we are a promising industry, especially in technology, we don't want to prepare for failure."
How to choose a safe sexual technology device
If you are concerned about the security of a device, there are some steps you can take, said Schwartz, an Internet researcher of Dongs. "Check your website and see: do they require you to create an account? Do they talk about security? Are they specific? Do they say things like & # 39; We encrypt everything & # 39 ;?"
If you are using a sexual technology device that connects to an application or website, be sure to create a new non-identifying username, email and password, recommends Schwarz.
"Do it like that, even if someone compromises your stuff, they won't have enough to really confirm that it is you," Schwartz said. If you end up with a partner with whom you have been using a device, be sure to also change all your associated emails and passwords.
Even if you don't create a user profile, your privacy may still be invaded, Ken Munro, a consultant with security firm Pen Test Partners, told CNET. Almost all sexual technology products use Bluetooth to connect to the user's smartphone. The Bluetooth advertising ID (the name of the Bluetooth device you see on your phone when you try to connect to a new device) is usually static, so your neighbors could see it if it is on, Munro said. This is how the company was able to locate and hack a series of sexual technology devices.
Munro also questions the idea that some sexual technology companies do not collect any data. "All mobile applications collect data in some way," he said. "It was impossible to enable Bluetooth in an Android mobile application without the ENABLE_COARSE_LOCATION permission, so the application collected location data whether the developer intended it or not."
We are also seeing a wider range of sensors in adult devices, Munro said. That means more functionality, more data and more opportunities to mislead privacy and security, he added.
Until solid safety standards are established, users will have to ask themselves: how much does the benefit of a connected sexual technology device outweigh the risk of a hack?
"For those in long-distance relationships, or those who travel for work often, it is a way to maintain intimacy between partners," said security consultant Haines. "As long as everyone involved knows and accepts potential risks, this technology can strengthen relationships, and that is a worthy benefit."
Originally published on January 17.