In this episode of Cubs Out Loud, it’s another installment of Let’s Talk About Sex. The cubs are joined by the adorkable Tony aka Cubziz to discuss sex toys and internet security. While it seems like an odd topic of sexual discussion, listen in as Tony and the guys break down how safe (and potentially unsafe) our pleasure devices can be. From hacking the system to displaying your location, the cubs give you the lowdown on your toys and grant you insight on how to keep yourself safe when you’re looking to get off.

Show Topic

Lets Talk About Sex: Internet Security

In today’s tech age, how safe are the newest ways we enjoy ourselves alone and with others? Are the ‘internet of things’ sex toys secure? Can they be hacked? Let’s talk about that.

——————

Initially this was brought up in a TED Talk by Ken Munro “We need to talk about sex toys and cyber security”, posted to Youtube back in April.

Points to mention:

• Ethical Hacking
• Comfort when talking about Sex and Safety
• IoT tends to get ignored regarding safety
• Location Data is rarely considered as a security risk, especially for IoT, but these devices identify themselves.
• He avoids talking about specific toy brands. I will use brand names as that is what people are familiar with, but I cannot correlate his research with those specific brands, so don’t use my references to interpret what HE found in his research. (IE I’m translating for a different crowd, so I’m trying to make it easier without dancing around toy names.)

Scenario: IML

Cock Cages, Shock Collars, Vibrators, Butt Plugs, TENS, Cock Rings, etc.

Imagine if suddenly the entire hotel is filled with screams as every device is cranked to max and then the wireless capabilities are disabled (so they cannot be disabled remotely). Imagine the chaos. And it’s all radio frequencies.

Type of service:

• Cloud – Internet/Cloud based. May use Wifi to talk directly to device, but usually do through phone. Examples: Hush, Cellmate, Pavlok.
• Local – Control is local only, no cloud/internet server involved. Common with “knock off” devices which don’t have the back end devices. Examples: Wireless remote devices with no phone app involvement.
• Other – Intelligence in the device. Example: Dog shock collar when a loud noise is heard.

Why is this important?

• Answer: How does it fail on a loss of connection? Loss of service entirely? Can it be “seen”? Can it be “replayed”? And is there an emergency OFF?
  • Cloud services are internet based and as such can be blocked, hacked, go down. Does the device fail open or closed? (Fail open = Powered off. Fail closed = In an ON state.) Imagine if your ISP decided to start blocking adult content and your cock cage is now permanently locked on and you don’t even realize the ISP is blocking that traffic on cellular to your phone. Thankfully this traffic is ALMOST always encrypted as most devices are using HTTPS at this point, but not always.
  • Bluetooth can be blocked as it sits on the same frequencies as Wifi in the 2.4Ghz realm. (Wifi can go into the 5Ghz range as well though.) Wifi “jammers” are cheap. Bluetooth “jammers” are more difficult as you must be closer. But flooding is still flooding. Bluetooth does have SOME encryption, but it isn’t impossible to break but they do tend to identify themselves. ESPECIALLY if your device can be hacked (laptop, tablet, phone).
  • Local – MORE difficult, but rarely encrypted as a result. Software defined radios can usually allow replay attacks. (Thing of recording and replaying a command to turn on and go to 11. A replay attack allows that to be rebroadcast and do the same actions again. IE no encryption or tokenization.)

Location Data Issues:

• Cellular – Allows devices to have a by-the-moment track of where you are located. Some applications provide Google Maps level details on where they are located. Imagine being in a church and setting off the electrified cock cage. 😛
• Wifi – Limited to areas with Wifi, obviously, but how many of us at home disable devices? 
• Bluetooth – CAN be used to determine location, but more specifically it tells someone that THIS DEVICE is located within 100 ft.

Why is location data an issue? Imagine traveling for work and being sent to a nation which executes gay men. And your cock cage is advertising all over.

Also a danger because, for example, Fitbit used to track GPS routes to “demonstrate” your running path, but also included things like times for passing certain points. Imagine someone wanted to setup an attack (physical) using this. They’d know EXACTLY where you paused for a breath, where you were most tired and started walking, where you lost cellular signal and where it caught back up. And all of this data was public for a while… yet even after it was locked down, many people SHARE this because they want the feedback from others. Convenience will always block security.

Should you be concerned?

• ALWAYS figure out what happens if you lose connection. Determine how long this is? IE if the server doesn’t respond for a week, does it auto-unlock? Or will it stay engaged forever?
• ALWAYS know how to respond should it go badly. Usually is just taking the device off.
• Don’t just assume it is malicious… Microwaves screw up Bluetooth and Wifi for example, so your sub might be in the sling screaming while you went to nuke lunch for the two of you. They’re not screaming because they’re hungry.
• ALWAYS have a backup. Example: CODEX for cock cage. 

Sample Devices/URLs:

• Software Defined Radios
  • Nooelec NESDR Mini 2+: Nooelec NESDR Mini 2+ 0.5PPM TCXO USB RTL-SDR Receiver (RTL2832 + R820T2) w/ Antenna
  • Nooelec HackRF: HF Bundle: HackRF One – Software Defined Radio
• Toys
  • Vive Wireless TENS: Amazon.com: Vive Wireless TENS Unit – Muscle Stimulator Pads for Pain Relief Therapy – Electronic Pulse Massager for Legs, Abdominals, Back, Hip and Feet
  • PatPet 301: PATPET Dog Training Collar Dog Shock Collar with Remote, 3 Training Modes, Beep, Vibration and Shock, Up to 1000 ft Remote Range, Rainproof for Small Medium Large Dogs
  • Lovense Hush Plug
  • Lovense Edge 2
  • Qiui CellMate 2: CAG.INK Chastity Cage SHORT MODEL [Previously named as Cellmate 2.0] – Qiui.store
  • Qiui Pear Flower Butt Plug: (So confused, seemed to no longer be avail, but also unannounced.)

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | RSS