June 12, 2021

Connected sex toys in the crosshairs of cybercriminals


Connected sex toys, in the crosshairs of cybercriminals.

Connected sex toys, in the crosshairs of cybercriminals.
EFE

They are part, like many other devices connected to the network, of the increasingly popular “internet of things”But sex toys are in the crosshairs of cybercriminals and can be especially vulnerable because of the intimate and sensitive information they can store.

Manufacturers tend to prioritize its functionality, appearance and cost but neglect in many cases, according to some experts, the computer security of the device. Many of them are manufactured in countries that do not meet the same security and privacy standards that prevail in Europe and can store data as sensitive as habits, places, times, images and even conversations.

The main risk of the “internet of things” is the vulnerability of its security and that the devices are exposed to unauthorized access, has observed the computer engineer Angela Garcia Valdes, specialist in security technologies and technician from the National Institute of Cybersecurity (INCIBE) -under the Ministry of Economic Affairs and Digital Transformation-.

In statements to EFE, García Valdés has specified that all connected devices store a large amount of personal information and has stressed the importance of knowing the advantages and risks to know how to prevent and mitigate them, reinforcing security and configuring devices correctly.

Being connected to the internet, García Valdés has insisted on the importance of correctly configuring the connection and if it is possible even to create a separate network for these types of devices, connect them to the network only when they are being used, use “strong and independent” passwords, disable protocols that allow multiple devices to find each other and periodically delete logs and history.

It has also warned that the information obtained in this type of attack can be put up for sale in the “black market“or be reused to launch other types of social engineering attacks against users.

“The more specific information they have about us, the more plausible these attacks will seem and, therefore, the success rate will be higher,” said the INCIBE expert, citing as an example the “sextortion” campaigns – blackmailing a person with an image or video of sexual content.

The company specialized in cybersecurity S2 Grupo has observed that the “sexnology“(sex + technology) has experienced a notable increase. They have observed that this has multiplied cyber risks and has placed sex toys as a new target for Internet criminals.

These devices handle and store very sensitive and very intimate information that can have a very high impact on the personal lives of users, this company has warned, which has recalled as an example cases such as that of a criminal who requested “a ransom” from a person after hacking and lock the device you were using -in this case, a chastity belt-.

His recommendations: unique and robust passwords for these devices, never use public Wi-Fi networks, contrast the seriousness of the manufacturer and its commitment to security and data protection, and above all “common sense” and not share anything that could be sensitive or hurt if publicly exposed.

Sources from the cybersecurity company Kaspersky have observed that some vibrators are connected by “bluetooth“to mobile phones or tablets and allow local or remote use -from another mobile- and the functions of the application include, in some cases, even a complete social network with group chat and even albums.

And they recalled that a researcher did an experiment with one of these devices and in the configuration folder of the same found a file and managed to connect to a database and access the private data of all its users, including names, passwords, chats or images.

The INCIBE specialist, Ángela García Valdés, has recommended, before buying this type of device, to do an internet search on its vulnerabilities and if they have been solved, to know the manufacturer’s privacy policy and to analyze issues such as the information it collects, what does he do with it, if it is shared with third companies, and where, how and for how long the data is stored.

.



Source link