14 DAY TRIAL // At the DEF CON 24 security conference that took place in Las Vegas over the weekend, two security researchers known only as RancidBacon and gOldfisk revealed that We-Vibe 4 Plus, a self-pleasure adult toy, collects data on users and sends it to its manufacturer.
We-Vibe 4 Plus [NSFW] is a next-gen vibrator that fits in the category of Internet of Things (IoT) devices. When using the product, the device sends usage telemetry via Bluetooth to a nearby phone running the We-Vibe mobile app.
In turn, the app sends some of this data every minute to the We-Vibe servers, such as the toy's temperature, its vibration level, and the vibration mode (pattern) the user is using.
Device collects data only for debugging and fine-tuning purposes
In statements provided to pop culture magazine Fusion, Standard Innovation Corporation, the device's manufacturer, has revealed what we suspected.
Standard Innovation Corporation President Frank Ferrari has said this data is only collected in order for the company to fine-tune the vibration mode for future releases and learn about how users are using the device.
The company's actions are nothing out of the ordinary since other services, and especially IoT manufacturers, engage in similar practices.
A data breach can have serious consequences for the device's users
What the two researchers pointed out is that the app's terms of conditions are vague on this topic, also specifying that the company reserves the right to share this data with authorities if ever requested.
This Guardian article points out a few countries and US states where self-pleasure is considered illegal, with offenders risking from public lashings (Saudi Arabia) to decapitation (Indonesia).
Imagine the world of trouble someone would get in if this data ever ended up in the wrong hands, or after a data breach.
We Vibe is collecting realtime about vibrator intensity by JSON callbacks to the server #defcon pic.twitter.com/XJU4NQPbrg — 0x0i5 (@0x0i5) August 5, 2016