Smart Sex Toy Maker Sued For Tracking Woman's Intimate Habits

Smartphone apps are great, but as one Illinois woman came to realize, they probably shouldn't be in the bedroom.

Referred to only by the initials N.P., one woman filed a class action suit in Chicago when she realized the manufacturer of her smartphone-paired vibrator was receiving some very intimate information about her personal habits.

The We-Vibe, from Ottawa-based Standard Innovation, can be paired with a user's smartphone to unlock special vibration modes, create custom playlists, and chat with another user via video or voice. The smartphone-paired vibrator also tracks that information for marketing purposes and sends that data to the manufacturer of the smart sex toy, N.P. told Court House News.

"[Customers' most intimate details are at stake,] including the date and time of each use, the vibration intensity level selected by the user, the vibration mode or pattern selected by the user, and incredibly, the email address of We-Vibe customers."
Smart sex toys are vulnerable to hacking. (Photo by Rob Kim/Getty Images for Tribeca Film Festival)
[Photo by Rob Kim/Getty Images for Tribeca Film Festival]

That's not OK with N.P., who accuses Standard Innovation of consumer fraud, unjust enrichment, intrusion upon seclusion, and violating the federal Wiretap Act and the Illinois Eavesdropping Statute. She's asking for punitive damages from the manufacturer of the smartphone-paired vibrator, according to Court House News.

"[Standard Innovation's] conduct demonstrates a wholesale disregard for consumer privacy rights and violated numerous state and federal laws."
Standard Innovation claims to use the information in a way that keeps the user anonymous and says it needs the data to improve the device. The company hasn't responded to the lawsuit, but they did post a comment to their company blog entitled "Our Commitment to Customer Privacy and Security." In it, the company says users aren't required to register their device or provide personal information to use their products; they also promised to give customers the option of opting-out of such market research in the future.
The whole story started last month when two security researchers known only as followr and g0ldfisk found hackable flaws in the We-Vibe smartphone-paired vibrator that would let someone else take over the device while it's in use.

Then, they took a closer look at what kind of information the company was receiving from the device and presented their findings at Defcon, an annual hacking event in Las Vegas, reports CNet.

"Do you want these people looking at [information like] what patterns you like? What intensity you like?"
Any hacker looking to take over control of a smartphone-paired We-Vibe vibrator would need to be very close to the person using it, in the same room.

Security experts say smart sex toys are vulnerable to hacking. (Photo by Adam Berry/Getty Images)
(Photo by Adam Berry/Getty Images)

At this point, it's safe to assume that most everything is hackable, and while a hacked vibrator isn't that dangerous, the data stolen from the smartphone app paired with it could be.

Researchers at Pen Test Partners, like security expert Ken Munro, recently monitored the web traffic of various smartphone-paired sex toy manufacturers and discovered some sites didn't encrypt their data so anyone could potentially access it.

They also examined the apps controlling the sex toys and found that at least one writes to external storage, like an SD card, which makes that information vulnerable to theft or hacking, Munro told Motherboard.

"Imagine if you were having a …. session and there was video and that was written to this same external storage area as temporary files. Temporary files are overwritten, but not completely, not always, and not always completely. So if I … access your SD card, I've potentially got access to your rather personal video session."
What do you think of the woman suing the manufacturer of her smartphone-paired vibrator?

[Photo by Peter Macdiarmid/Getty Images]