Attackers know the value of intimate information


  "Attackers know the value of intimate information"

Cybersecurity expert Cecilia Pastorino on why hackers are attracted to the adult gadget industry and why it's dangerous

Attackers know the value of intimate information
  "Attackers know the value of intimate information"

Adult gadgets do not always sufficiently protect user data and can be an easy target for hackers, said Cecilia Pastorino, an information security expert from ESET, in an interview with Izvestia. By hacking into an intimate device, a cybercriminal can obtain comprehensive information about the sex life of its owner, and then blackmail the victim and demand a ransom. The pandemic has spurred the demand for sex toys, and hackers will certainly take advantage of the trend, the expert is sure.

Distributors of other people's intimate photos only risk a fine

- How have sex toys improved over the past 5-10 years, which is why hackers have noticed them?

- Modern gadgets have acquired many functions. For example, you can transfer remote control of the device to other users through a mobile application or browser . In the same applications or websites, users can participate in group chats and video conferencing, as well as share device settings or sync vibration with music or audiobooks. There are paired devices that allow partners to mimic movements from a distance . And this is just the beginning. Recent advances in the sex toy industry include devices with virtual reality options and sex robots with artificial intelligence, cameras and microphones . In some countries, similar robots are already being used in brothels to replace sex workers.

phone girl
phone girl

- What can you learn about a person by hacking his advanced sex toy?

- Names, email addresses, sexual or gender orientation, information about the use of the device (time of use, types of vibration, temperature). Plus intimate photos and videos . Hacking a sex toy and leaking data can be disastrous.

Scientists find out how much self-isolation has provoked increased interest in adult sites

- What, for example?

- Many countries have laws prohibiting citizens from engaging in certain sexual activities. In such regions, primarily in Africa and Asia, the publication of private information about the sexual behavior of a person and his partners can lead to arrest, subsequent imprisonment and even death sentence. For example, in Sudan, Saudi Arabia and Afghanistan, according to journalists El Pais (Spanish daily - Izvestia), homosexual relationships are still punishable by death.

- Hackers are more likely to set themselves the goal of making money, rather than killing someone. How are cybercriminals monetizing sex toy attacks?

- Mostly through extortion or sexual harassment . For example, if a hacker manages to block access to or control of a gadget after a hack, he may demand a ransom to regain control of a vibrator, chastity belt or sex doll. Confidential information received from the device can be used for blackmail. Money is demanded from the victim in exchange for keeping the information secret from the spouse, colleagues or law enforcement agencies. Such information can also be used in social engineering. Achieving the goal is simple when the victim is sure that a familiar person or, for example, a relative of the partner asks to make a transaction or perform another action.

search line
search line

Mass extortion for the non-proliferation of intimate photos on the web continues to go unpunished

- Is it difficult to steal all this data from a sex toy?

- Differently. Many devices have serious privacy concerns . They do not protect metadata or personalized files. For example, one of the applications we analyzed sends images that contain information about the user's device and its geolocation. And in another mobile client, we saw that the e-mail of each chat participant is used by all phones in the session and is stored in plain text in the general settings file. Such miscalculations greatly simplify the work of hackers.

- Can hacking an adult gadget cause other devices and user accounts to be compromised?

- Sure. As with any other cyberattack, vulnerable devices can be used as an entry point to the Network or to take control of other gadgets in it.

- Can the interception of control of an intimate gadget be considered sexual assault?

If it is confirmed that the clips violate the law, the resource pages may be blocked

- We cannot talk about the consequences of a hacked gadget without re-evaluating the importance of sexual violence in the context of the digital transformation that society is going through. First, you need to determine the consequences of intercepting control over an intimate gadget without the user's consent. Then find out if the law provides for punishment for such behavior. After all, is it legal to take control of a gadget into an act of sexual assault?

Many countries have a legal framework that categorizes different types of cybercrime. However, the phase when new forms of cyber incidents affecting the privacy of many users are immediately registered in the legal framework has not yet been reached . However, one thing is clear: consent obtained through online fraud is not legitimate. This axiom must be enshrined in existing laws to ensure the sexual, physical and psychological safety of users in the digital world.

phone photo girl
phone photo girl

- Is it possible to talk about an established trend when it comes to hacking sex toys?

“The adult sex and entertainment industry has been targeted by cyber attacks on several occasions. Just remember the attack on the social network Ashley Madison, when the names of more than 37 million users were published, which provoked a wave of divorces and suicides. Or a scam with a Tinder vulnerability that allowed attackers to trick men with fake female profiles.

Although there have not yet been any massive attacks on smart sex toys, vulnerabilities have been reported that could potentially affect thousands of users. We also know that many attacks go unreported simply because users do not always realize that they have been hacked. And the owners of sex toys belong to the group of those who will not bring up problems with their gadgets for public discussion.

- Will attacks on adult gadgets become a trend in the next 5-10 years?

Her search takes 90% of all queries on the topic of adultery

- The era of smart sex toys is just beginning. They are gaining popularity. The pandemic has greatly spurred this process. 

Self-isolation has forced many people to stay at home, sometimes away from their partners and unable to continue their normal sex lives.

 As a result, people have turned to new ways of exploring their sexuality or maintaining passion with remote-controlled adult toys. With the onset of the pandemic, sales of such devices have skyrocketed.

There is no doubt that hackers are taking advantage of this situation . Internet scammers always act on growing trends. Moreover, in the pursuit of sales, manufacturers of sex gadgets do not think about the safety functions of products in the first place . 

Cyberattacks will definitely not stop in a couple of years, because attackers know the value of intimate information for subsequent deception and extortion. But the safety of sex toys will increase over time. Manufacturers will consider data integrity aspects of such devices at the design stage.

sex doll
sex doll

- How correct is it to say that developers of gadgets for adults pay little attention to information security?

Russians are being blackmailed by email

“Both vendors that my colleague Denise Giusto Bilic and I interacted with during the research were deeply concerned about the vulnerabilities found and took the necessary steps to fix them. 

They also stated that they periodically conduct checks and send newsletters to customers about security flaws and how to fix them.

 But the market for smart sex devices is vast and includes many different manufacturers. It would be wrong to generalize in this case.

Unfortunately, there are manufacturers who, either due to a rush to release devices, or due to a lack of experience in technological issues, do not conduct an information security testing stage and do not consider potential vulnerabilities at the design stage.

- Do you see the prerequisites for developers of gadgets for adults to start paying more attention to cybersecurity?

- One of the prerequisites is the growing expectations of the users themselves. Bulk product requires vendors to provide advanced information security practices. At the same time, our survey shows that only 30% of smart gadget users are concerned about security issues. Therefore, the consumer must first become more conscious in order for the manufacturer to take the right steps towards digital security.