Breaking the Internet of Vibrating Things: What We Learned Reverse Engineering Bluetooth- and Internet-Enabled Adult Toys

DEF CON 24

Presented by: follower, goldfisk
Date: Friday August 05, 2016
Time: 16:00 - 16:25
Location: Track Three

The Internet of Things is filled with vulnerabilities; would you expect the Internet of Vibrating Things to be any different? As teledildonics come into the mainstream, human sexual pleasure has become connected with the concerns of privacy and security already familiar to those who previously only wanted to turn on their lights, rather than their lover. Do you care if someone else knows if you or your lover is wearing a remote control vibrator? Do you care if the manufacturer is tracking your activity, sexual health and to whom you give control? How do you really know who is making you squirm with pleasure? And what happens when your government decides your sex toy is an aid to political dissidents? Because there’s nothing more sexy than reverse engineering, we looked into one product (the We-Vibe 4 Plus from the innocuously named "Standard Innovation Corporation") to get answers for you.

Attend our talk to learn the unexpected political and legal implications of internet-connected sex toys and, perhaps more importantly, how you can explore and gain more control over the intimate devices in your life. Learn the reverse engineering approach we took--suitable for both first timers and the more experienced--to analyze a product that integrates a Bluetooth LE/Smart wireless hardware device, mobile app and server-side functionality. More parts means more attack surfaces! Alongside the talk, we are releasing the "Weevil" suite of tools to enable you to simulate and control We-Vibe compatible vibrators. We invite you to bring your knowledge of mobile app exploits, wireless communication hijacking (you already hacked your electronic skateboard last year, right?) and back-end server vulnerabilities to the party. It’s time for you to get to play with your toys more privately and creatively than before.

Please note: This talk contains content related to human sexuality but does not contain sexually explicit material. The presenters endorse the DEF CON Code of Conduct and human decency in relation to matters of consent--attendees are welcome in the audience if they do the same. Keep the good vibes. :)

follower

follower talks with computers and humans. Six years after first speaking at DEF CON about vulnerabilities in the Internet of Things, the fad hasn’t blown over, so follower is back doing it again. An interest in code and hardware has led to Arduino networking and USB projects and teaching others how to get started with Arduino. Tim O'Reilly once called follower a ‘troublemaker’ for his Google Maps reverse engineering. Twitter: @rancidbacon

goldfisk

goldfisk spins fire by night and catches up with computer science lectures, also by night. And wishes headphone cables would stop getting caught on stuff. An interest in reverse engineering can be blamed on a childhood playing with electronics and re-implementing browser games in Scratch. Twitter: @g0ldfisk

