
Tips to stay safe while using your dating apps in the opinion of Alessandro Bazzoni

The well-known company ESET continues its work against cybercrime, and in this new investigation it exposes how you can become the victim of several malicious attacks while using dating sites or apps to share sexual content. But it doesn’t end there: we are also talking about smart sex toys and how sales of them have skyrocketed during the global pandemic we live in.

According to Alessandro Bazzoni, the sales of sex toys decreased considerably, but February was a good month for this industry. As Valentine’s Day approached, sales increased considerably, as did the popularity of these toys, which shows the need for intimacy between couples and also between strangers, since dating apps and sexting applications are now a thing.

This new trend is named “sexnology”, a combination of sex and technology. The leading company ESET highlights how to protect yourself from cybercriminals who might end up causing more harm than before by putting your privacy and security in danger.

Now let’s talk about smart toys…

What are the so-called smart toys?

The new generation of sex toys has a wide range of functions. Among the things you can do with them is grant remote control of your device to other people, who manage it through mobile apps, browsers and computers.

But it doesn’t end there. The user can also participate in group chats, send multimedia messages, hold video conferences, synchronize vibration patterns with a playlist of songs or audiobooks, and connect the devices to a smart voice assistant such as Alexa.

The application connects over Wi-Fi or a mobile operator’s network to a server in the cloud, which stores the person’s account information and multimedia files and is responsible for enabling the main functionality, such as chatting and/or video conferencing.

We can say that… we never thought technology would be THIS advanced. However, it is, and this provides a “solution” to the loneliness that this pandemic can cause.

But technology can also be a vehicle for malicious intentions.

Possible malicious attacks

There are three types of malicious attacks that can occur while using these smart toys. The scenarios of these attacks would be:

  1.  Execute malicious code on the device: The attacker could try to modify the code that runs inside the device (its firmware) to perform malicious actions. In some cases, the attacker could use the compromised device like a zombie, ordering the victim’s device to send more malicious commands to other users in the contact list, or attempting to cause physical harm to the user, for example by overheating the device.
  2.  Intercept communications and steal data: The information processed by these devices and applications is extremely sensitive: names and contact information, sexual partners, as well as intimate photos and videos. In addition, information about the use of the device, such as the patterns of use or the hours of use, reveals part of the user’s sexual preferences. In case of theft, this data could be used against the victim, exposing their privacy or even feeding sextortion campaigns.

The attacker could also exploit vulnerabilities in the protocols used to collect information or even connect to the device by circumventing poor authentication mechanisms. This is a scenario where someone takes control of a sex device without the user’s consent while it is in use, and even sends different commands to the device.

  3.  Perform a denial-of-service attack: This would prevent the user from sending any command to the toy. For example, last year a popular chastity belt was found to contain vulnerabilities that would have allowed an attacker to remotely lock the device, preventing the user from unlocking it. In fact, this led to attacks in which the attacker first locked the devices and then asked for a ransom to unlock them. This also shows how important security and privacy are on sex-related platforms.

It all sounds really scary and technical and might be a reason to stay away from this world, but the idea is to raise awareness of the issues so we can prevent them instead of avoiding the industry.

There are many ways you can prevent these types of attacks, and the leading company ESET shares a few tips you can follow to protect yourself.

How to protect yourself from these attacks?

As a first tip, avoid sharing photos or videos in which you can be identified. Do not publish remote control tokens on the Internet. Also, avoid registering in applications using an official name or an email address that allows you to be identified.

Always use remote control sex toys in a protected environment and avoid using them in public places or places with high traffic, such as bars or hotels. Also, while using the toy, keep the app connected to it, as this prevents the device from announcing its presence.

You also need to make sure you buy a device that is safe and comes from a reputable manufacturer. Do some research on the safety aspects of the device; for example, use search engines to find out if the toy has a history of serious vulnerabilities. If so, check for available patches and for frequent updates from the developer.

Regarding dating apps, some security recommendations are:

Try to share as little as possible and only what is necessary. Pay special attention to the permissions that are being granted to the application; many may request more information than a name or email address. Also, be careful when sharing sensitive information like your location.

Be careful of fake profiles. Make sure there is a real person on the other side of the app. For that, you can use the reverse image search on Google to check whether the images belong to someone else or are used on other websites.

Stay vigilant to possible scams. Do not be tempted to take the conversation to other platforms outside of the application, because this is one of the most common techniques used by scammers. 

Alessandro Bazzoni explains that, as on any other site or social network, you should secure your profile. Use strong and unique passwords for each platform and enable two-factor authentication whenever possible.

Which of these recommendations are you going to start applying?