Session
Hauptprogramm 35C3
Security

Internet of Dongs

A long way to a vibrant future
Borg
Werner Schober
With great pleasure comes great responsibility. It is a responsibility that smart sex toy manufacturers do not take into consideration as much as they should while handling extremely sensitive data. As long as there is no serious breach, there is no problem, right? This was the basis for a research project (master's thesis) called “Internet of Dildos, a long way to a vibrant future”, dealing with the assessment of smart sex toys and the identification of vulnerabilities in those products, including mobile apps, backends and the actual hardware. The assessment of a selection of smart sex toys revealed an abyss of vulnerabilities. The identified vulnerabilities range from technically interesting ones to ones that affect the privacy of the users in extreme and explicit ways.

In recent years the internet of things has slowly crept into our daily life and is now an essential part of it, whether you want it or not. A long-existing subcategory of the internet of things is a mysterious area called teledildonics. The term was invented about 40 years ago and described (at that time fictional) devices that allow their users to pleasure themselves while being interconnected to a global network of plastic dongs. In the 21st century, teledildonics actually exist. Multiple devices are on the (multi-million dollar) market, offering the ability to pleasure an individual while being connected to the internet. Those devices offer functionality such as remote pleasuring over local links as well as over the internet. They implement social-media-like functions such as friends lists, instant messaging, movie chats and explicit-image sharing. With great pleasure comes great responsibility. It is a responsibility that smart sex toy manufacturers do not take into consideration as much as they should while handling extremely sensitive data. As long as there is no serious breach, there is no problem, right? This was the basis for a research project called “Internet of Dildos, a long way to a vibrant future”, dealing with the assessment of smart sex toys and the identification of vulnerabilities in those products, including mobile apps, backends and the actual hardware. The assessment of a selection of smart sex toys revealed an abyss of vulnerabilities. The identified vulnerabilities range from technically interesting ones to ones that affect the privacy of the users in extreme and explicit ways. It was possible to gain access to thousands of users’ data records, including cleartext passwords, explicit images, real-world names, real-world addresses, and many more specific facts. Furthermore, we were able to remotely pleasure individuals without their consent over the internet, or over a local link.

Presentation Outline

1. Why?
   Explanation as to why it is necessary to conduct penetration tests in the area of teledildonics and why the topic was chosen for further research.

2. Quick introduction into basics like
   - Internet of Things (IoT)
   - Sextech
   - Teledildonics (History of Smart Sex Toys)
   - Internet of Dongs (IoD)

3. The “Test Devices”
   A quick introduction of the test devices examined during this project. Explanation of their feature set including areas of application and use-cases.

4. Let’s get dirty – An overview of the identified vulnerabilities
   - DS_STORE File Information Disclosure
   - Customer Database Credential Disclosure
   - Unrestricted Access to administrative interfaces
   - Weird authentication implementation
   - Unauthenticated Bluetooth LE Connections
   - Missing Authentication in Remote Control
   - And many more…

5. Bluetooth LE Protocol exploitation
   - Brief overview over Bluetooth LE security features
   - Brief overview over Bluetooth LE authentication/pairing methods
   - Brief overview over Bluetooth LE exploitation Hardware
   - Brief overview over Bluetooth LE exploitation Software
   - Hands-on example

6. The “Swinger Club Problem”
   How the manufacturers tried to downplay the vulnerabilities.

7. Legal Issues – Rape over the wire?
   How are current laws dealing with sexual pleasure without consent over the internet?

8. Responsible Disclosure Process
   Coordinated vulnerability remediation with the German CERT-Bund

9. Ongoing/Similar Research

Takeaways

Attendees are made aware that not a single category of devices in the internet of things is secure, no matter how obscure and outlandish the device might be. This should also raise attention and motivation to test all the devices that are already out there and to handle the Internet of Things more cautiously. Another important takeaway is to raise attention to how poorly programmed many IoT devices are and how it is still possible to discover vulnerability cases which should be resolved and extinct. Last but not least, we want to take the opportunity to discuss and raise attention to the hot topic of “remote rape”, or how our current legislature deals with remote pleasuring without consent.

Why this talk?

First and foremost, this talk will be a lot of fun while teaching the audience how to assess smart sex toys and penetrate their backends (pun intended). The audience will learn what an attacker is capable of when attacking smart sex toys nowadays. Furthermore, the audience will get deep insights into Bluetooth LE penetration testing, including a hands-on example on a selected smart sex toy. Most of the vulnerabilities [1, 2, 3, 4] identified to this day include minor backend issues and/or the good old exploitation of the Bluetooth LE protocol. The major difference compared to this research is that the SEC Consult Vulnerability Lab identified a potential massive breach of data (including explicit images, cleartext passwords, etc.) via the “publicly” accessible database, as well as the issue with the remote pleasuring without consent, which is a so-called “Feature”.

[1] https://arstechnica.com/information-technology/2017/10/screwdriving-many-bluetooth-sex-toys-leave-users-vulnerable/
[2] https://internetofdon.gs/reports/
[3] https://www.pentestpartners.com/security-blog/screwdriving-locating-and-exploiting-smart-adult-toys/
[4] https://scubarda.wordpress.com/2017/10/17/hacking-a-bt-low-energy-ble-butt-plug/

Additional information

Type lecture
Language English
