How would you feel if details about your personal life and most intimate activities were being collected without you knowing about it? Well the BBC reported last week on a legal case brought against Canadian firm Standard Innovation, manufacturers of the We-Vibe range of sex toys, who were accused of tracking data generated by thousands of their customers using We-Vibe products.
An app called We-Connect used with the We-Vibe vibrator relayed data on things like temperature, settings and usage back to the company. Feeling that their privacy had been violated, customers of Standard Innovation filed a class-action lawsuit against them in September 2016, resulting in Standard Innovation agreeing to compensate US customers and updating its privacy notice and app security.
The BBC report also detailed how the flaw with the app came to light, reporting on a pair of hackers who had demonstrated at a US hacking convention how the data could be sent from the device to the company. They also showed how malicious third parties could not only intercept data from the device, but more worryingly could possibly take control of the vibrator itself, in their words, committing “potentially sexual assault”.
The We-Vibe is an example of the ever-growing ‘Internet of Things – physical products and devices embedded with electronic components enabling them to connect to the internet. While the Internet of Things has already been around for a few years now, teething trouble like Standard Innovation’s story show that it remains very much in its infancy and there is still a lot work needed to bring it to maturity.
Reports such as this one from The Guardian also highlight the growing risk of criminals or terrorists hijacking internet-enabled devices to launch cyber-attacks, by exploiting deficiencies in, or lack of, in-built malware protection. One common type of attack is called a ‘distributed denial-of-service’ (DDoS) attack and involves a flood of data requests being sent to a website from a network of compromised devices, essentially overwhelming it and bringing it down. With an influx of new connected devices now coming online, the potential for such attacks is expected to significantly increase.
There are now several tasks ahead for manufacturers as a whole. One is to take heed of Standard Innovation’s cautionary tale and recognise that while the Internet of Things is a brave new world of technological wonder and commercial possibility, dangers and pitfalls exist that can have dire consequences, not only for unwary businesses but for the wider global community. The second is to determine exactly what these devices should be doing and agree a standard or best practise. Until such standards are in place Sated Design would urge all manufacturers to include cyber security as part of their product risk assessment reviews.