Two New Zealand researchers discovered that one of the most popular connected adult toys on the market sends user data back to its manufacturer.
Presenting at the Black Hat conference in Las Vegas, a hacker by the name “follower” and his colleague, “goldfisk,” reverse engineered the We-Vibe 4 Plus and found that the device in real time streams information back to the manufacturer – including temperature data once a minute and intensity settings of the device, according to Vice's Motherboard.
The researchers told the audience that the temperature data is ostensibly related to monitoring the device's motor temperature, but also said this could be affected by contact with the user's body.
“At minimum you can determine whether or not the device is in use even if it's not interconnected,” follower said, adding that this information is collected on all users.
Devices like this raise privacy concerns and have political and legal implications if an attacker were to intercept the data or gain control of the device, the researchers said.