EuroSTAR Conference

Europe's Best Software Testing Conference

Keynote 4

The Cyber Security of Smart ‘Adult’ Toys – or Lack of it!

Ken Munro

Jo Dalton

16:45-17:45 CEST Thursday 15th June

This is a challenging subject to cover, as there are some very real social and societal issues around this subject that make it difficult to address in a public talk. I’ll deal with this sensitively.

For example: smart adult toys are widely used in the military, as couples are often separated when posted overseas. These toys allow for an intimate relationship to continue, despite being physically separated. I’m certain that many marriages and relationships have been saved as a result.

However, the poor cyber security of these toys therefore exposes the safety and security of military personnel

Some toys are aimed at the LGBT markets. Homosexuality is illegal in some countries, yet some of these toys expose the exact GPS location of the user to anyone with some very basic hacking skills.

Most of these toys use Bluetooth. It’s possible to identify whether your neighbours are using these devices; all it takes is a mobile phone to discover whether your neighbours or anyone nearby uses them. The degree of privacy invasion resulting from poor security of these toys is quite shocking.

Some toys use Wi-Fi and contain cameras. We’ve shown that it’s trivial to access camera footage.

It’s also possible to remotely take control of these devices in some cases, but that’s not a major issue in my opinion.

Finally, we discovered a smart chastity device some time back. It was possible to take control over the internet and ‘lock’ the device to prevent the user releasing themselves. Again, GPS data of the wearer was available.

There is hope – the manufacturers of these devices are slowly improving their security, but not fast enough in my opinion

I will be bringing a number of these toys with me in order to demonstrate the problems with them.

Hope that works! The talk will be quite edgy & hopefully entertaining, but informative and sensitive too.

What you will learn

  1. Why validating input and output is so critical
  2. Why authentication isn't the same as authorisation and where it often goes wrong
  3. and... er... which smart adult toys not to use

Session Details

  • For All
  • 1 Hour
  • Includes 15mins Q&A
  • Software Testing
Buy Conference Ticket

Session Speakers

Ken Munro EuroSTAR 2023 Speaker

Ken Munro

Partner – Pen Test Partners, UK

IoT security is something of a conundrum. The team at Pen Test Partners publish independent research in to the security of numerous smart devices, exposing poor security practice by device manufacturers. Sadly, it’s often consumers that are the victims of this inattention to security.
Ken looks after vulnerability disclosure at Pen Test Partners and influences government policy on IoT cyber security. Whilst some disclosures are successful, the majority are a train wreck. Watching vendors try to ignore contact from researchers, fumble or try to silence the process led him to working with regulators in an effort to fix the problems at source. He considers carrot and stick are the only way to resolve smart product security.
The work of his team on My Friend Cayla, the vulnerable talking kids doll, was cited as one of the catalysts for California Senate Bill 327, regulating IoT security for California residents. He’s briefed US government departments and spoken at TEDx, DEF CON villages, RSA, Black Hat, BSides and numerous other security events. If you want his attention, just market your smart device as ‘unhackable’. Ken is also a member of the CVE Board.

Session Co-Speaker

Jo Dalton

Associate Partner – Pen Test Partners, UK

Jo has worked in Cyber Security for over 15 years and has co-ordinated thousands of assurance and testing projects with clients around the globe. Jo can easily translate areas of serious business risk into relatable topics, while demonstrating how they can be reduced or avoided. From the challenges of the unregulated IoT market to the dangers of remote working on trains; Jo has an informed opinion. Jo speaks publicly; and blogs on various channels on the wider issues of SCADA and ICS Risks, Security Awareness, IoT Security, Cyber Security involving Children and Family. She has spoken at a range of events e.g. EEMUA Industrial Cyber Security Seminar, IP EXPO Manchester, and StocExpo Europe.

BACK TO PROGRAMME

Early Bird Offer

Get the best priced tickets for EuroSTAR 2024. Book by 21st April

Book a group and save even more. Teams save up to 35% with this offer.

Individual

From €1,790

Save 10%

BOOK TICKET

Groups

From €1,519

Based on 10 Tickets

Book Group

Stay in the Loop

We want to ensure you never miss important announcements, updates and special offers from EuroSTAR.