Sextech, like any other category of technology, will always be a potential attack vector for actors with nefarious intentions, and this has played out most recently through the discovery of malware on a USB vibrator, despite it not having any sort of internet-related functionality.
First reported by Malwarebytes and on Reddit, a security software company, the attempted intrusion came via a customer device report that malware was blocked originating from a vibrator connected to a the computer via USB. The vibrator in question is Spencer’s Sexology Pussy Power 8-Function Rechargeable Bullet Vibrator, a $25 vibe with no ‘connected’ functionality.
The retailer Spencer’s told Malware that it was aware of the problem, suggesting that this was perhaps not an isolated incident.
The malware detected was Lumma, which attempts to steal data from browser extensions and cryptocurrency wallets. It is known to usually be sent via spam emails, rather than via USB.
Privacy and security, regarding control of sextech devices and user data, have come to the fore in recent years in the sextech industry with the emergence of Bluetooth and internet-connected devices. However, malicious software and virus transmission hasn’t been discussed so much.
What was particularly concerning was the fact that the vibrator in question wasn’t internet-enabled and was, in the words of Cyber Daily, a “pretty dumb device… it’s not connected to anything. It’s not connected to anything. It also doesn’t charge via a cable; instead, it features a direct USB connection – it’s effectively a vibrating thumb drive with no storage.”
Cyber Daily added: “This begs the question of where and how the device got loaded with the Lumma malware. It’s either been infected at the factory… but more likely, one of the components within the device was infected at its point of manufacture. If the malware was loaded on a pre-infected control chip, this is effectively a unique form of supply chain attack, and the infected chips could be in any number of other budget gadgets.”
Read Next: Privacy 101: How to keep your browsing and other online activity as private as possible // Best VPNs: Our top free and premium choices for streaming privacy
The prospect of malware-loaded chips being inserted into low-cost vibrators is concerning, and raises the issue of reporting and control. While much of the sextech industry discusses taboo-busting and empowerment, many users are still discreet about using their devices, and might not be so quick to seek professional help for malware issues derived from their vibrator.
Malwarebytes gave a few tips about how to reduce the risk of such an incident occurring, such as suggesting using an AC plug socket instead of a computer for USB charging, using ‘jack juice defender’ devices if you do connect a vibrator to your computer and, of course, using security software such as, say, Malwarebytes.
Leave a Reply