Hackers prove smart vibrator can be remotely activated and collect data while you use it

As the Internet of Things market continues to grow, promising users an easier, more connected life, the host of dangerous security dilemmas that come with smart gadgets are all too real. Time and time again, hackers have proven that these handy devices can potentially be hacked - from trucks and fridges to pacemakers. Now, two independent hackers from New Zealand have proven that the We-Vibe 4 Plus, a Bluetooth-enabled vibrator, can also be breached, activated and controlled remotely as well.

Touted as the "No 1 couples vibrator" by its makers, the We-Vibe 4 Plus can be combined with an accompanying We-Connect iOS or Android app, allowing one's partner to remotely control the sex toy using an internet connection.

The hackers, who go by the handles goldfish and follower, demonstrated the breach at the Def Con hacking conference in Las Vegas during their talk, "Hacking the Internet of Vibrating Things." According to the duo, the connection between the controlling app and the device is not secure, giving cybercriminals ample opportunity to intercept the pleasure gadget with a paired smartphone.

They revealed that when the We-Vibe 4 Plus is in use, the device also sends some intimate information about its users to the manufacturer, Standard Innovation, including the device's temperature and every time a user adjusts the gizmo's intensity level.

According to the company's privacy policy, they "reserve the right to disclose your personally identifiable information if required by law".

"What are the implications of who they're going to give that data to," goldfisk said, the Guardian reports. "In their privacy policy, they say 'we reserve the right to disclose your personally identifiable information if required to by law', but what does that actually mean?"

The stimulating device's makers, however, maintain that the data collected is for "market research purposes".

"At We-Vibe, we strive to create innovative products that have our customers' preferences in mind," Frank Ferrari, president of Standard Innovation Corporation, said in a statement to Fusion. "We-Vibe collects data on the use of its products in terms of vibration intensity and mode for market research purposes so that we can better understand what settings and levels of intensity are most enjoyed."

IBTimes UK has reached out to Standard Innovation for comment.

"The company that makes this vibrator, Standard Innovation: They have over two million people using their devices, so what's at stake is two million people," follower said, the Guardian reports. "A lot of people in the past have said that it's not really a serious issue, but you come back to the fact that we're talking about people, unwanted activation of a vibrator is potentially sexual assault."

The hackers have also called on sex toy manufacturers to sign up for Private Play Accord, encouraging them to implement basic standards of security and privacy.

Technology research firm Gartner predicts that over 25% of identified cyberattacks will involve the connected universe of IoT by 2020. By the end of 2016, around 6.4 billion things will be connected to the internet and grow to 20.8 billion by 2020, the firm estimates.