By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Today, researchers have exposed common weaknesses lurking in the latest smart sex toys that can be exploited by attackers. As more as more adult toy brands enter the market, given that the COVID-19 situation has led to a rapid increase in sex toy sales, researchers believe a discussion around the security of these devices is vital. In examples provided by the researchers, technologies like Bluetooth and inadequately secured remote APIs make these IoT personal devices vulnerable to attacks that go beyond just compromising user privacy. ESET security researchers Denise Giusto Bilić and Cecilia Pastorino have shed light on some weaknesses lurking in smart sex toys, including the newer models. The main concern highlighted by the researchers is, that newer wearables like smart sex toys are equipped with many features such as online conferencing, messaging, internet access, and Bluetooth connectively. This increased connectivity also opens doors to these devices being taken over and abused by attackers. The researchers explain most of these smart devices feature two channels of connectivity. Firstly, the connectivity between a smartphone user and the device itself is established over Bluetooth Low Energy (BLE), with the user running the smart toy's app. Secondly, the communication between a remotely located sexual partner and the app controlling the device is established over the internet. To bridge the gap between one's distant lover and the sex toy user, smart sex toys, like any other IoT device, use servers with API endpoints handling the requests. "In some cases, this cloud service also acts as an intermediary between partners using features like chat, videoconferencing and file transfers, or even giving remote control of their devices to a partner," explained Bilić and Pastorino in a report. But, the researchers state that the information processed by sex toys consists of highly sensitive data such as names, sexual orientation, gender, a list of sexual partners, private photos and videos, among other pieces, which, if leaked can adversely compromise a user's privacy. This is especially true if sextortion scammers get creative after getting their hands on such private information. More importantly, though, the researchers express concern over these IoT devices being compromised and weaponized by the attackers for malicious actions, or to physically harm the user. This can, for example, happen if the sex toy gets overheated. "And finally, what are the consequences of someone being able to take control of a sexual device without consent, while it is being used, and send different commands to the device?" "Is an attack on a sexual device sexual abuse and could it even lead to a sexual assault charge?" Bilić and Pastorino further stress. To demonstrate the seriousness of these weaknesses, the researchers conducted proof-of-concept exploits on the Max by Lovense and We-Vibe Jive smart sex toys. Both of these devices were found to use the least secure "Just Works" method of Bluetooth pairing. Using the BtleJuice framework, and two BLE dongles, the researchers were able to demonstrate how a Man-in-the-Middle (MitM) attacker could take control of the devices and capture the packets. The attacker can then re-broadcast these packets after tampering with them to change settings like vibration mode, intensity, and even inject their other commands. Likewise, the API endpoints used to connect a remote lover (sexual partner) to the user make use of a token which wasn't awfully hard to brute-force. Want more visit OUR FORUM.

After spending more than a decade building up massive profits off targeted advertising, Google announced on Wednesday that it’s planning to do away with any sort of individual tracking and targeting once the cookie is out of the picture. In a lot of ways, this announcement is just Google’s way of doubling down on its long-running pro-privacy proclamations, starting with the company’s initial 2020 pledge to eliminate third-party cookies in Chrome by 2022. The privacy-protective among us can agree that killing off these sorts of omnipresent trackers and targeters is a net good, but it’s not time to start cheering the privacy bona fides of a company built on our data—as some were inclined to do after Wednesday’s announcement. As the cookie-kill date creeps closer and closer, we’ve seen a few major names in the data-brokering and adtech biz—shady third parties that profit off of cookies—try to come up with a sort of “universal identifier” that could serve as a substitute once Google pulls the plug. In some cases, these new IDs rely on people’s email logins that get hashed and collectively scooped up from tons of sites across the web. In other cases, companies plan to flesh out the scraps of a person’s identifiable data with other data that can be pulled from non-browser sources, like their connected television or mobile phones. There are tons of other schemes that these companies are coming up with amid the cookie countdown, and apparently, Google’s having none of it. “We continue to get questions about whether Google will join others in the ad tech industry who plan to replace third-party cookies with alternative user-level identifiers,” David Temkin, who heads Google’s product management team for “Ads Privacy and Trust,” wrote in a blog post published on Wednesday. In response, Temkin noted that Google doesn’t believe that “these solutions will meet rising consumer expectations for privacy, nor will they stand up to rapidly evolving regulatory restrictions.” Based on that, these sorts of products “aren’t a sustainable long term investment,” he added, noting that Google isn’t planning on building “alternate identifiers to track individuals” once the cookie does get quashed. What Google does plan on building, though, is its own slew of “privacy-preserving” tools for ad targeting, like its Federated Learning of Cohorts, or FLoC for short. Just to get people up to speed: While cookies (and some of these planned universal ID’s) track people by their individual browsing behavior as they bounce from site to site, under FLoC, a person’s browser would take any data generated by that browsing and basically plop it into a large pot of data from people with similar browsing behavior—a “flock,” if you will. Instead of being able to target ads against people based on the individual morsels of data a person generates, Google would allow advertisers to target these giant pots of aggregated data. We’ve written out our full thoughts on FLoC before—the short version is that like the majority of Google’s privacy pushes that we’ve seen until now, the FLoC proposal isn’t as user-friendly as you might think. For one thing, others have already pointed out that this proposal doesn’t necessarily stop people from being tracked across the web, it just ensures that Google’s the only one doing it. This is one of the reasons that the upcoming cookiepocolypse has already drawn scrutiny from competition authorities over in the UK. Meanwhile, some American trade groups have already loudly voiced their suspicions that what Google’s doing here is less about privacy and more about tightening its obscenely tight grip on the digital ad economy. To learn more turn your attention to OUR FORUM.

It may have taken some time, but 5G is slowly starting to build momentum in the US. All major carriers now have nationwide 5G deployments covering at least 200 million people, with T-Mobile in the lead covering over 270 million people with its low-band network at the end of 2020. Verizon ended the year with a low-band network that covered 230 million, while AT&T's version reached 225 million. Next-generation networks from all the major carriers are set to continue to expand in the coming months, laying the foundation for advancements such as replacing home broadband, remote surgery, and self-driving cars that are expected to dominate the next decade. But with all that activity by competing carriers, there are myriad different names for 5G -- some of which aren't actually 5G. The carriers have had a history of twisting their stories when it comes to wireless technology. When 4G was just coming around, AT&T and T-Mobile opted to rebrand their 3G networks to take advantage of the hype. Ultimately the industry settled on 4G LTE. One technology, one name. Differing technologies and approaches for presenting 5G, however, have made this upcoming revolution more confusing than it should be. Here's a guide to help make sense of it all. When it comes to 5G networks, there are three different versions that you should know about. While all are accepted as 5G -- and Verizon, AT&T, and T-Mobile have pledged to use multiple flavors going forward for more robust networks -- each will give you different experiences. The first flavor is known as millimeter-wave (or mmWave). This technology has been deployed over the course of the last two years by Verizon, AT&T and T-Mobile, though it's most notable for being the 5G network Verizon has touted across the country. Using a much higher frequency than prior cellular networks, millimeter-wave allows for a blazing-fast connection that in some cases reaches well over 1Gbps. The downside? That higher frequency struggles when covering distances and penetrating buildings, glass, or even leaves. It also has had some issues with heat. Low-band 5G is the foundation for all three providers' nationwide 5G offerings. While at times a bit faster than 4G LTE, these networks don't offer the same crazy speeds that higher-frequency technologies like millimeter-wave can provide. The good news, however, is that this network functions similarly to 4G networks in terms of coverage, allowing it to blanket large areas with service. It should also work fine indoors. In between the two, mid-band is the middle area of 5G: faster than the low band, but with more coverage than millimeter wave. This was the technology behind Sprint's early 5G rollout and one of the key reasons T-Mobile worked so hard to purchase the struggling carrier.  The company has worked diligently since closing the deal, quickly deploying its mid-band network across the United States. The company now covers over 100 million people with the faster service, with a goal of reaching 200 million people before the end of 2021. T-Mobile has said that it expects average download speeds over the mid-band network to be between 300 to 400Mbps, with peak speeds of 1Gbps. While T-Mobile, AT&T, and Verizon have plenty of low-band spectrum, mid-band has previously been used by the military, making it a scarce resource despite its cellular benefits. Thankfully even with the name change in marketing and ads, the icons on phones and devices will remain the same. "Our customers will see a simple 5G icon when connecting to the next-generation wireless network, regardless of which spectrum they're using," said a T-Mobile spokesman. Complete details can be found on OUR FORUM.