This site uses cookies, tokens, and other third party scripts to recognize visitors of our sites and services, remember your settings and privacy choices, and — depending on your settings and privacy choices — enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

By continuing to use our site or clicking Agree, you agree that CBS and our key partners may collect data and use cookies for personalized ads and other purposes, as described more fully in our privacy policy. You can change your settings at any time by clicking Manage Settings.

When it comes to internet-connected devices, I dare you to find something more intimate than a vibrator controlled by a smartphone app.

That's what Standard Innovation offers in its We Vibe 4 Plus, which pairs with a smartphone via Bluetooth and can be controlled by a partner, near or far. What could go wrong?

Well, two security researchers who go by the names followr and g0ldfisk found flaws in the software that controls the device. It could potentially let a hacker take over the vibrator while it's in use. But that's -- at this point -- only theoretical.

What the researchers found more concerning was the device's use of personal data. Standard Innovation collects information on the temperature of the device and the intensity at which it's vibrating, in real time, the researchers found.

"Do you want these people looking at [information like] what patterns you like? What intensity you like?" asked followr during a presentation of the findings at the 24th annual hacking event in Las Vegas called Defcon.

The researchers found the software flaw and learned what kinds of data are being sent back to the company by taking the vibrator apart and studying the information it sends and receives. They also took a close look at the product's terms and conditions.

Denny Alexander, communications manager for Standard Innovation, said the company will fix the software vulnerability, which he said a hacker would need to be nearby to exploit.

Alexander also said the company will be clarifying its terms and conditions to explain in "plain language" how it uses information gathered from the vibrators. It will also let users opt out of sending data on how they use the device.

The company uses the information on temperature to make sure there aren't problems in the CPU chips that runs the devices, Alexander said. As for the intensity level, that's part of its market research.

"It is to understand how people use the products," he said. If everyone is always using the highest possible setting, "then perhaps we don't have a powerful enough device."

Most users don't register with the company, so any data the vibrator sends is automatically anonymous, he said. And those who are registered -- is their data tied to their names? Alexander said the information the company collects was "mostly" anonymized last week when the researchers gave their presentation. Now it is all anonymized.

Followr and g0ldfisk said they want to challenge the idea that terms and conditions on Internet-connected devices should be used by companies as cover for collecting as much information as possible, especially when it comes to sex toys.

"That's sort of dodgy," g0ldfisk said.

See comments

Tags

DIY Tech
How to tips and tricks for getting the most out of all your tech delivered to your inbox.
TECH TODAY
More From Security
More From CNET