Sex Toy Company Confesses to Recording Users' Sessions Without Their Knowledge

A sex toy maker admits a bug in their software inadvertently caused a user's remote sex session to be recorded and saved on their phone. The error was pointed out by a Reddit user who said that audio was recorded without their permission whilst using the Lovense remote control vibrator app 'Lovense Remote'. A six-minute audio file was created during use of the app, the data was stored in the app’s local folder on the user's phone.

Company admits to 'minor bug'

The Reddit user admitted they had given the app access to their phone's mic and camera but only for on app-communication and not to constantly record during the app’s use. Other users of the Lovense Remote application confirmed that they had similar experiences. In response to the Reddit user's claims, a person reporting to be a Lovense company spokesman called the recording a ‘minor bug’. They went on to say the bug only affected Android users and that no information or data was lifted from the phone and kept by the company's servers.

A formal email to online media outlets confirmed the Reddit user was a company spokesperson. The email read: “As explained in the thread I linked above, we do not store any audio files on our servers. For sound feature to work, we have to create a local cache file. This file is supposed to be deleted in the end of each session but because of a bug in the last version of our Android app, the file wasn't deleted successfully. With this bug, the cache file was stored on the user's device until the next session where the new session overwrites on the previous cache file.” The company says the bug has now been fixed and that any temporary audio files are deleted at the end of each user's session.

Lovense butt plug hacked by researchers

Lovense hasn’t had a good run recently.

[see-also]

Earlier this month, hackers looking to educate people on the possible flaws in connected devices hacked one of the company's butt plug products via its Bluetooth functionality. The Lovense Hush, butt plug, which the company claims is the "the world's first teledildonic butt plug", was the subject of internet security researchers who were looking to demonstrate the vulnerability of ‘smart’ and connected objects.

The researchers were able to hack the toy using a process called "screwdriving" that connected their smartphones to the product via Bluetooth Light Energy (BLE) chips. These types of chips are very common in Bluetooth devices that don’t require high security to ensure the battery use of the item stays low. The targeted company brushed off the hack with a statement on its website saying: "This is common in nearly all wearable or Bluetooth sex toys and the current industry standard as well as an upgrade over the older 3.0 version.”

The company also points out you’d not only have to be a very talented hacker to access the butt plug, you’d need to be standing very close to your target. So while the researchers make a relevant point about internet security, worrying about your remote sex toys is pretty low on the list of concerns.