Remote-controlled sex toys ‘vulnerable to attack by malicious third parties’

11 January 2025, 13:14

A remote-controlled sex toy
Pink g-spot vibrator with phone app control. Picture: PA

The combination of sex toys and technologies have multiple vulnerabilities, according to research.

Remote-controlled sex toys with Bluetooth connectivity could be vulnerable to attack or interception by malicious third parties, according to research commissioned by the Department for Science, Innovation and Technology.

They allow a device to be used in one location while being controlled by someone in another location.

The combination of sex toys and technologies have multiple vulnerabilities, which demonstrate “clear capacity to inflict physical and psychological harm on to unknowing consumers”, the research says.

Vulnerabilities include the Bluetooth connectivity that links the device with a companion app, it adds.

The research says: “Sex toys or ‘sexnologies’, the combination of sex and technologies, have multiple vulnerabilities and attack surfaces, demonstrating clear capacity to inflict physical and psychological harm on to unknowing consumers.

“Key technical vulnerabilities include their BLE (Bluetooth low energy) connectivity that links a companion app with the smart device.

“Often these connections are not encrypted, thereby rendering them more vulnerable to attack and/or interceptions from malicious third parties.”

Harm could be caused as the disclosure of sensitive personal information such as names, sexual or gender orientation, lists of sexual partners, information about device usage, or intimate photos and video, could be accessible via the apps that control the devices, the research says.

Cyberattacks could also cause physical harm, such as overheating the device, it adds.

Future concerns revolve around virtual reality (VR) and artificial intelligence (AI) powered sex robots, according to the research.

It says: “Future concerns about sexnology increasingly revolve around the capabilities of VR and AI powered sex robots that come with cameras, microphones, and AI voice analysis, all of which will need to be safeguarded against both physical and potential psychological harms.”

Connected sex toys, femtech, different apps, devices and sensors that aim to improve women’s health, and smart children’s toys, are among devices that are “under-regulated and thus under-secured” and “collect exceptionally sensitive data and therefore pose a high risk of harm to users, including psychological harm”, the research adds.

Vulnerabilities of smart children’s toys include device pairing with no authentication, which means anyone within radius with a Bluetooth device could pair with a toy to operate a microphone or camera, it says.

A spokesperson for the Department for Science, Innovation and Technology said: “The UK already has one of the most robust product security regimes in the world and research can help us identify new areas of vulnerability as technology develops and target policy work.

“We are committed to continue to bolster cyber defences to protect British people, which is why, later in the year we will be introducing the Cyber Security and Resilience Bill.”

By Press Association

More Technology News

See more More Technology News

Ellen Roome with her 14-year-old son Jools Sweeney

Parents suing TikTok over children’s deaths ‘want answers’

The Apple logo in the window of an Apple store

Home Office orders Apple to let it access users’ encrypted files – report

Ellen Roome with her son Jools Sweeney

Bereaved families file US lawsuit against TikTok over access to children’s data

The OpenAI logo appears on a mobile phone in front of a computer screen with random binary data

OpenAI taking claims of data breach ‘seriously’

There are concerns over how technology is aiding the abuse of women (Alamy/PA)

Deepfake abuse crackdown a ‘really important blow in battle against misogyny’

The Football Manager 25 logo on a light purple background

Football Manager 25 cancelled after delays

Football Manager 25 has been cancelled after being hit by delays

Football Manager 25 cancelled after several delays

Carsten Jung, head of AI at the IPPR, warned that politics 'needs to catch up' with the implications of AI (PA)

AI could replace 70% of tasks in computer-based jobs, study says

General view of IMI headquarters at Lakeside, Birmingham Business Park, Birmingham.

Engineering group IMI latest UK firm to be hit by cyber attack

A person's hands on the keyboard of a laptop

PSNI exploring use of AI to analyse mobile phone evidence

A screenshot of the homepage of AI chatbot DeepSeek, showing a warning message about new users being unable to register for the app

DeepSeek reopens new user sign-ups despite ongoing security concerns

A Google logo on the screen of a mobile phone, in Londons

Google axes diversity hiring targets as it reviews DEI programmes

A person’s hand pressing keys of a laptop keyboard

UK to get new cyber attack severity rating system

People working at computers

Capital raised by tech start-ups under Government scheme doubles

Xbox Series X and S games consoles

Currys launches Xbox console repairs programme

Hands typing on a keyboard

Military to fast-track recruitment of ‘cyber warriors’ as online threat grows