Penetration testing: Researchers successfully hack a vibrator

phone-958066_960_720Cyber security researchers have gone to great lengths in their efforts to raise awareness about the cyber threat-laden world we’re living in. They’ve hacked cars on the highway, found ways to sneak into the power grid, tried to break into airplane infotainment systems and even managed to get into Ashley Madison’s database.

But of all the penetration testing stunts to date, one recent demonstration in Germany really hits below the belt.

An explicitly clear message

During the CeBIT technology fair in Hanover, Trend Micro researchers placed “a large, neon-pink vibrator” on a desk facing the audience. Then, simply by typing a few lines of code into a laptop, one of the researchers was actually able to remotely control the device. According to Reuters, the demonstration elicited giggles from those on hand. However, the fun quickly came to a sobering climax when those in attendance realized the implications of the farcical exhibition: Anything and everything that is connected to the Internet can be hacked.

Research from the IDC pegs the number of connected devices to surpass 28 billion by 2020. The number of use cases for the Internet of Things is only limited by the imagination of tech entrepreneurs and the wireless capabilities of app developers. A home lighting system in New York can be controlled from a smartphone in California. A car heating system can be turned on from inside the office on a cold day so the driver can be comfortable upon entering the vehicle. And apparently, a vibrator can be remotely controlled with a smartphone application.

The problem, however, is that all of these nifty capabilities can also be exploited. A few months ago one researcher found a way to bypass authentication in The Nissan Leaf application. Using only a vehicle identification number, the researchers managed to remotely access the climate control system in one of the popular electric cars. If they wanted, they could then run the heating and cooling system until the battery was completely drained.

Invasion of privacy?

Unlike hacking a car, the implications of remotely controlling a vibrator aren’t quite as obvious. But what happens on the front-end is just the tip of the iceberg, Raimund Genes, Chief Technology Officer at Trend Micro, told Reuters.

“If I hack a vibrator it’s just fun,” Genes said. “But if I can get to the back-end, I can blackmail the manufacturer.”

Imagine, for example, that hackers were able to steal data associated with the program that lets a smart-vibrator work in the first place. This application could live on a smartphone, a tablet, a laptop or other computing device. Suddenly, what seemed like a silly act of cyber security defiance is a serious breach of privacy.

A report from Trend Micro titled “Privacy and Security in a Connected Life: A Study of US, European and Japanese Consumers,” found that an increasing number of consumers are becoming “privacy-centric.” This means that they would change their behaviors if they believed that their personal data was at risk. The reason this is so relevant to the IoT is that wirelessly connected devices can be used as portals to sensitive information. Once a device is Internet-connected, it becomes penetrable, which means data becomes vulnerable.

What better way to make this point than by hacking something as intimate as a vibrator? While the idea comes across as amusing, it’s not actually a laughing matter. As pointed out by BGR, “There’s nothing funny about hackers cracking web-connected sex toys.”

If anything, the demonstration will prompt IoT manufactures and connected-device enthusiasts alike to swallow a hard truth: Better end-point cybersecurity is needed to protect the IoT.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.