According to Gizmodo, the following very specific question recently was posed to Alex Lomas, a penetration tester with the British cybersecurity firm Pen Test Partners: “Can you find a Bluetooth-enabled butt plug in the wild, and can you turn it on without its owner’s help?”
Lomas says he was able to discover the answer to the question quite quickly.
“[He] pulled out his phone, consulted the detection app LightBlue, and quickly identified a Lovense Hush, purportedly ‘the most powerful vibrating buttplug on the market,’ that Lomas says was nestled in the rear end of a stranger,” the website reported.
So, this toy was vulnerable — totally “open to hacking by anyone who knew how.”
The discovery lead Gizmodo to posit how the law does, and could, address what happens if a sex toy actually is hacked in the real world.
The question needs an answer … quickly. After all, the world is filled with teledildonics — sex tech that can be controlled remotely — and sex toys that are app-ready.
Editor’s Note: A penetration test is an authorized, simulated attack on a computer system that looks for security weaknesses, potentially gaining access to the system’s features and data. A penetration test can help determine whether a system is vulnerable to attack and which defenses, if any, were defeated by the test attack.
Lomas coined the phrase “screwdriving,” a play on “wardriving”—“the drive-by stealing of other people’s wi-fi,” Gizmodo reported. So screwdriving is, essentially, the act of syncing with a sex toy and controlling its vibration.
“A consumer could venture out into the world, intending to have a secret erotic experience with one person, but end up having telesex with someone else entirely,” Gizmodo suggested. “But what kind of crime even is that — cyber, sex or some kind of hybrid? And is anyone … equipped to handle it?”
Hacking is a sex crime
Per Gizmodo, the definition of sexual assault includes “sexual contact or behavior that occurs without the explicit consent of the recipient.” So, the absence of consent via a hacked sex toy signal could be considered sexual assault.
“The typical definition of a felony-type sexual abuse is an unconsented-to penetration,” said Shanlon Wu, a defense lawyer in Washington D.C. and a former federal sex crimes prosecutor.
“Wu acknowledged some lawyers might get bogged down in the virtual aspect of the offense [if a hacked sex toy is involved], and view wearing a teledildonic device as blanket consent to its use,” Gizmodo reported. “But consent is not transferrable.”
What this means for you
Although this area of cybersecurity and type of privacy breach is new, be mindful about keeping your wi-fi network private and be conscious of your privacy and app activity. Know if something like this happens to you, you are not at fault — the hacker is.
A sex crime is never the victim’s fault.
Cosmopolitan recently asked a cybersecurity expert about their thoughts on the hackability of certain sex toys. To see their answers, click here.