Alex Lomas of security company Pen Test Partners has discovered that he could relatively easily search for and hijack BLE-enabled (Bluetooth Low Energy) sex toys, a pursuit he named “screwdriving” (after the Wi-Fi network-finding practice of “wardriving”). Reverse-engineering the control messages between apps and a number of devices was not terribly difficult, as the communications between the apps and the toys were not encrypted and could easily be recorded with a packet capture tool.
BLE isn’t difficult to attack. We gave a short demo and explanation at BSides Manchester this year. There are some good guides and tools out there, but the consequence of compromise isn’t often particularly significant. However, one category of smart device we found that often had weak BLE security was smart sex toys. You’ll doubtless know that we were shocked how easy it was to hijack a Wi-Fi camera dildo; we updated this work at SteelCon and reviewed a number of smart adult toys that used Bluetooth.
Source: [H]ardOCP – “NSFW” Doesn’t Begin to Describe Bluetooth Security in Sex Toys