Cybersecurity in sex toys: a unique opportunity and an incredible challenge

When you think of smart sex toys, an infamous movie scene that comes to mind is the vibrating panties scene in The Ugly Truth. When Mike gives Abby a pair of underwear that vibrate from pressing buttons on a small bullet-shaped remote, she decides that it would be a great idea to wear them to a work function that very evening. Needless to say, this was not the greatest choice as she inadvertently drops the remote and it is picked up by an unsuspecting child, who spends the evening playing with the remote and – unknowingly – Abby’s panties. 

While this was intended to be a comical scene, it starts a conversation about how safe connected sex toys are. As the Internet of Things (IoT) has proliferated, in 2021 the capabilities of smart sex toys are much more advanced than they were in 2009: this brings the smart sex toy market huge opportunities and challenges, specifically related to cybersecurity. 

Teledildonics are a type of sex toy that can be used remotely, connected through the Internet of Things (IoT). The term has been around since 1975, but it is only in the last decade that smart sex toys have become abundant in the sex technology market. This could be through a remote control that links to the sex toy, or through a mobile application that can be accessed from anywhere in the world as long as there is a functioning internet connection. These connected devices can be used for intimate solo experiences, or in couples (or groups) who might not be able to physically be with their partners as often as they would like. In today’s globalised world, there is huge demand for sex toys that use the IoT to enhance their relationship – and for people to harness intimate data to better understand their pleasure.

But these functionalities must raise some alarms. Cybersecurity in sex toys is a crucial aspect for companies to successfully engage the teledildonic market. To produce and sell smart sex toys, data privacy and security must be at the heart of product design and development. The difference between data privacy and data security is important: data privacy relates to protecting a person’s personal data, whereas data security refers to protecting the information system where a person’s data is stored. In the context of smart sex toys, data privacy is important to protect the data 

On its own, data is meaningless: it can be an array of numbers and symbols that mean nothing to the viewer. However, the dangerous part is when data becomes information – which be read and given meaning to by the viewer. For smart sex toys, this might be by linking an email address to the data and thereby making it identifiable; or by sourcing the meta-data categories that label the meaningless numbers and symbols, and determine that they actually refer to frequency of use or strength of vibration. If data privacy and security are not paramount, this could reveal an email address connected to how often a user enjoys their toy, and what settings they choose. A bit more digging by the hacker could uncover even more information than an email address.

Going back to The Ugly Truth, the vibrating panties scene points to a more sinister capacity for teledildonics that is only advancing as technological capabilities progress. Poor teledildonic data privacy or security could lead to someone being able to read something very intimate about their users , probably without their consent. There are serious issues of who might have access to intimate data – ranging from what they could see and understand, how this data might be used, and even non-anonymised. The worst case scenario would be someone then being able to control the sex toy: in The Ugly Truth, it was an unwitting child at a restaurant. But what about a hacker with bad intentions, or an abusive current or former partner who may wish to hurt or embarrass?

These are not unfounded fears: there is a history of poor cybersecurity in sex toys. For example, the Canadian company Standard Innovation was obligated to pay a settlement of 3.3 million euros to its customers because of poor data security in its We-Vibe product, which is a vibrator controlled by a Bluetooth-enabled mobile application. Within the application, data was connected by users’ email addresses and details such as user settings, frequency of use, and time of use was able to be easily hacked in an identifiable way. While this may sound comical, consider the power of this information to embarrass or hurt a person.

Nevertheless, teledildonics is an extremely innovative and promising business endeavour – and there is a huge demand for them. But cybersecurity is imperative for them to be products that their users can safely enjoy. Sex technology must incorporate mechanisms such as data encryption and GDPR compliance. Users must ensure that they connect their device with a secure internet connection. Essentially, to enjoy these products safely, users need control over their data and also to know that their data is safe from prying eyes. There are unique business opportunities in cybersecurity in sex toys: to capitalise on this, the risks of poor data privacy and security ought to be taken seriously.