Bluetooth 'Panty Buster' 'smart' sex toy fails penetration test

Security researchers have found multiple vulnerabilities in smart sex toys that open up the potential for all sorts of mischief by hackers. The Bluetooth and internet-connected Vibratissimo Panty Buster, and its associated online services, made by German gizmo biz Amor Gummiwaren, are riddled with exploitable privacy flaws, …

  1. Blockchain commentard

    "a master's thesis with the goal of reviewing multiple smart sex toys including several teledildonics devices. "

    Good to see dwindling university funds so well spent.

  2. }{amis}{
    Joke

    :-)

    Damn what a Buzz kill

  3. Anonymous Coward

    German sausage with holes in? It could have been wurst.

    1. macjules

      German sausage with holes in? It could have been wurst.

      LOL of the month so far!

  4. Alister

    Armor Gummiwaren

    What an apt name.

    It's almost a disappointment to learn that Gummiwaren means "rubber goods", it sounds such a great name for an anatomical area.

    1. JLV
      Headmaster

      Re: Armor Gummiwaren

      Armor Amor

      Rubber Love Goods, not Rubber Armored Goods. Which would be Panzer Gummiwaren. Yes, that sounds very whips and chains and naughty dressups with Kommandant-Uniform.

      I for one wouldn't call their security Armor-ed.

      FFS, these guys have 2 jobs. One is to provide a device that pleasures its users. The second is to mind the users' privacy, at least somewhat - that's the very nature of that business.

      The hard work is #1.

      #2 should be - Do we really really need to include feature XXX? Or will it come back to bite us in the ass, but not in a good way? We Vibe already showed the fail, these morons should have known better by now.

    2. handleoclast

      Re: Armor Gummiwaren

      Not to be confused with this.

  5. Anonymous Coward

    SEC Consult has confirmed with The Reg that the database is not accessible any more.

    Spoilsports...

    SEC Consult alleged the manufacturer had said it was even a "desired property of the sex toy"

    Tinder-over-Bluetooth. Swipe left to ... err...

  6. Simon Harris
    Joke

    The Vibratissimo Panty Buster... and the server backend

    Presumably the latter is for the butt plug version.

    1. Blitheringeejit
      Joke

      Re: butt plug version

      I thought the whole point of the article was that its backend/butt was anything but plugged...

  7. Paul Hovnanian Silver badge

    Hacker manipulation

    "desired property of the sex toy"

    Really? I can imagine some swingers parties where some anonymous play might be fun. As in "Guess who's pushing my button now." But sitting in the coffee shop at the next table over from some pimply-faced geeks?

    Oh, and pics or it didn't happen.

    1. Anonymous Coward

      Re: Hacker manipulation

      Who goes to a coffee shop with a dildo up her snatch? If there is anyone who would do this you have to assume the purpose is some sort of dogging lite, i.e. a form of anonymous sex without the risk of catching AIDS.

      1. Anonymous Coward

        Re: Hacker manipulation

        Who doesn't?

  8. Ima Ballsy

    Errrr .....

    Perhaps they forgot the security penetration test.

    Maybe a HOT fix would be in order and a chastity PORT blocker ...

  9. Caltharian

    the press seems abuzz about this

  10. Blank-Reg
    Gimp

    Early 2018 and another potential virgin dataset ripe for penetration. Typical.

    Errr...

  11. hatti

    Fnarr

    Loving the headline, jokes write themselves these days.

  12. tony2heads
    WTF?

    This sounds made up

    "Panty buster" "Gummiwaren"

    Surely this cannot be real

    Icon -obvious!

  13. Anonymous Coward
    Joke

    Fails penetration test?

    * It's a sex toy

    * It's easily penetrated

    Working as expected!

  14. tiggity Silver badge

    Thesis

    I'm guessing it can be occasionally awkward when people ask you what your thesis is about..

    1. Simon Harris

      Re: Thesis

      "A comparative study of pudendal stimulation devices with the aim of establishing secure control and telemetry links"

      Nothing awkward about that... at least until you have to explain it in detail.

    2. Anonymous Coward

      Re: Thesis

      You need to get out more and look at the titles of some medical theses. Bottoms and things associated with them sometimes need medical attention, and somebody has to research it.

      1. Simon Harris

        Re: Thesis

        I've spent a few years of my life sticking things up men's willies (robotic prostate surgery projects).

        At one point I was interviewed for a Danish newspaper - when I saw the proofs the only three words I recognised were my name, 'robot' and 'penis'.

        Even got a spot on Tomorrow's World with that project

        https://youtu.be/zCZjktHxgw4

  15. Phil O'Sophical Silver badge

    Apart from the headline I didn't see any double-entendres in the whole article. I don't know whether to be disappointed, or impressed by your forbearance on a Friday.

    1. Francis Boyle Silver badge

      Did you miss

      the bit about exposing administrative interfaces on the internet? Or do I just have a dirty mind?

  16. Blofeld's Cat
    Coffee/keyboard

    Careful now ...

    "... the server backend had multiple vulnerabilities ..."

    Ye gods, John - have you never heard of a NSFW label?

    1. Anonymous Coward

      Re: Careful now ...

      I doubt NSFW ever applies at Vulture Central.

    2. Ken 16 Silver badge
      Alert

      save NSFW for where it matters

      Like a long screw while installing a Cisco switch

  17. Anonymous Coward

    If you can't do the Tank Tank...

  18. Potemkine! Silver badge
    Coffee/keyboard

    Congrats to Mr Leyden...

    ... for the title.

    Now, let's talk about the new keyboard you owe me...

    1. Anonymous Coward

      Re: Congrats to Mr Leyden...

      as in Leyden Hosen ?

    2. Ken 16 Silver badge

      one handed typing?

      No THAT is a disturbing visual!

  19. DNTP

    Openly accessible on the internet

    I dunno, maybe market it to exhibitionists?

  20. macjules

    Open to penetration and SQL injection ..

    Non-consensual "tickling" could be carried out either against a nearby Bluetooth-based device or over the internet

    My better half has informed me that she will now be staying a safe distance from our IoT-enabled kitchen, just until proper SQL security has been enabled.

  21. This post has been deleted by its author

    1. Anonymous Coward

      It should be a measured choice.

    2. DNTP

      Make sure you are open enough to be inserting this commitment into your schedule. Otherwise you'll be stuck with something that doesn't fit your lifestyle but requires serious intervention to remove.

      Medical Intervention.

    3. Anonymous Coward

      Before buying a dildo you should think long and hard.

      LMAO, I literally fell out of my chair laughing so hard! You win +1 internet for most deft comment I have seen in a long time!

  22. TonyWilk

    Research

    In the interests of Science, I looked up: Vibratissimo Panty Buster, available from Amazon.

    The one Customer Review:

    too good to be true..

    Unless you have android 4.4 or higher, you cannot use it. Also, the vibration was weak and the ability to connect via Bluetooth too which made it too irritating as you had to spend ages trying to make it connect. I wouldn't recommend it..

    Just imagine the situation... "Connect you **** !!!!!!!!"

  23. Craig 2

    "Worse yet, an attacker might be able to remotely turn on the device without the consent of the its owner"

    So this could be prosecuted as sexual assault? Plus of course the other charge of hacking...

    Perversely, a remote attacker could end up with a harsher sentence than a physical assailant.

    It's a crazy, crazy world....

  24. Blitheringeejit
    Coat

    "a more secure pairing method" ...

    Handcuffs, ropes or shackles?

    Non-consensual tickling icon, obvs...

  25. onefang

    I'm wondering how simply turning on a dildo is worse than exposing explicit images? I'm also wondering why a dildo maker has a database of users' explicit images? Did it include a hidden camera?

    1. VinceH

      That made me do a double take, too, until I followed the link in the article, and found:

      "The mobile apps used to control those devices are not just an ordinary remote. The apps offer multiple features for communication and socializing like search for other users, maintaining a friends list, a video chat, a message board and also a feature to create and share image galleries, where images can be stored and shared with friends in the Vibratissimo social network."

    2. Anonymous Coward

      is it possible to turn a dildo on?

      1. Fruit and Nutcase Silver badge

        @AC

        is it possible to turn a dildo on?

        REST API?

        (on Port 69)

      2. 's water music

        is it possible to turn a dildo on?

        Meta dildo?

    3. Anonymous Coward

      I think there will have to be an investigative probe to find that out...

    4. Neil Barnes Silver badge
      Big Brother

      Did it include a hidden camera?

      Oddly enough (very oddly!) I was directed to this page from a large format photography forum: http://www.dazeddigital.com/art-photography/article/38831/1/artist-dani-lessnau-extimite-puts-camera-inside-vagina-takes-photos-of-lovers (safeish for work)

      (but the point about a pinhole camera is that you have to hold it still for a long time...)

      1. Bill_Sticker
        Coat

        Re: Did it include a hidden camera?

        Does that sort of thing need flash?

  26. ExampleOne

    My sex toy has a virus?

    1. MrDamage Silver badge

      Not so much as that, rather the front door buster has a well penetrated back door.

    2. Scroticus Canis
      Unhappy

      My sex toy has a virus

      Eew!

  27. unwarranted triumphalism

    Now that you're publishing obscene articles...

    Will we need age verification to visit the site after April?

    1. Anonymous Coward

      Re: Now that you're publishing obscene articles...

      Did April have to use age verification?

      1. Anonymous Coward

        Re: Now that you're publishing obscene articles...

        Well I believe James May of "Top Gear/The Grand Tour" fame is currently discussing that with June Cleaver of "Leave it to Beaver" fame sometime in July.

        I just realized I may have made a quadruple entendre there...

        1. Simon Harris

          Re: Now that you're publishing obscene articles...

          "James May of Top Gear"

          He should start a TV series that reviews such devices as these and call it "Bottom Gear"

  28. Anonymous Coward

    Maybe the wearers WANT someone to hack in and control it

    I could see that being a turn on for some people - they'd probably remove the password to remove the hacking requirement...

    1. M7S

      Re: Maybe the wearers WANT someone to hack in and control it

      Yes, IIRC Stuxnet was supposed to induce excessive vibration.

      The sort of Subtly Transmitted Infection you might not object to

  29. Anonymous Coward

    Fifty shades of

    Freely available list of people who are "liberated" and have more money than sense.

  30. Anonymous Coward

    potential for all sorts of mischief

    wriggle...up?

  31. Anonymous Coward

    Well, now we know the real story behind the famous scene in "When Harry Met Sally."

  32. Fruit and Nutcase Silver badge
    Mushroom

    Bunker Buster

    Panty Buster??? You want Penetration? You need a Bunker Buster.

  33. Jay Lenovo

    Poised to succeed

    When paired with a proper SUI device, we can stop this data from leaking.

  34. MatsSvensson

    In Soviet Russia, sex-toy turn on YOU.

    Put butt-plug in, go party.

    But in Soviet Russia, party plugs YOU.

  35. PrometheusPB

    I was compelled to subscribe

    If this article was a thesis in creative writing, this deserves an "A". Little wonder why people in the UK live longer than in the US, because clearly laughter is the best medicine. "SQL injection"? Is that slang? LMAO...

    I followed this story while looking at another article on tech support, and Bloody Norah, was I rewarded with not just the article, but the satirical comments, that made my day. All you folk crack me up to no end!

    Don't mind me, I'm still wiping tears from my eyes while trying to maintain breathing. This article did my cardio for the day, the comments just finished me off.

  36. Simon Harris
    Joke

    VaaS - vibration as a service.

    One feature of the researcher's work was his comparison of internet connected dildos for ladies and various prostate tickling devices for men. He found the men's devices to be much more secure- in fact there was a vas deferens between the two groups.

  37. Andrew Barr

    New acronym required

    IoD - Internet of Dongs

  38. John Brown (no body) Silver badge

    Vibratissimo

    Does it make you a coffee afterwards?

    1. Fruit and Nutcase Silver badge

      Re: Vibratissimo

      @JB...

      Does it make you a coffee afterwards?

      How about an inbuilt vape attachment? Saves looking for a cigarette afterwards.

  39. razorfishsl

    This was already looked at about 5 years ago with another product.

    Lawyers also looked at the possibility of people being charged under statutory rape laws if they activated devices without the user's consent, which basically it would be.

    1. onefang

      "Lawyers also looked at the possibility of people being charged under statutory rape laws if they activated devices without the user's consent, which basically it would be."

      Only if the device is being worn at the time. I don't think you can rape a cardboard box stored under a bed. And if the device is being worn, I suspect the wearer wants it to be activated. Though it is true they are likely to be choosy about who activates it.

  40. Rob D.

    I only read El Reg ...

    ... for the headlines.

  41. Fruit and Nutcase Silver badge
    Alert

    Reach the G spot with 4G

    Add a 4G radio so you can use it to make and receive calls

    4G mobile cum dildo.

  42. JWLong

    There's an App for that....!

    So, who's on the "Friends List". The Energizer Bunny, Duracell, EverReady, ACDelco?

    Does this thing have wireless charging, or a warning label not to hook up to mains voltage while wet.

    Any idea of how they keep the grungy stuff out of the USBC port?

    Inquiring minds want to know,

    Now I gotta go puke!
