Sex toy manufacturer Lovense exposed for leaking users’ email addresses and risking account takeovers

A security researcher has claimed that Lovense, a sex toy maker, has not completely resolved two security flaws that expose users’ private email addresses and allow the takeover of any user’s account.
The researcher, known as BobDaHacker, revealed details of the vulnerabilities after Lovense stated it would take 14 months to address the flaws without inconveniencing users of its older products.
Lovense, a major producer of internet-connected sex toys with over 20 million users, faced scrutiny for integrating ChatGPT into its products in 2023. Connecting sex toys to the internet also carries security risks that can lead to real-world consequences such as device lock-ins and data privacy breaches.
BobDaHacker found that Lovense was leaking users’ email addresses through the app. By manipulating network requests, they could link any Lovense username to the corresponding email address, potentially exposing customers with identifiable email addresses.
Another vulnerability discovered by BobDaHacker allowed them to take control of any Lovense user’s account using only their email address. This flaw enabled the creation of authentication tokens without a password, allowing remote access to accounts.
Lovense was informed of the bugs on March 26 through the Internet of Dongs project, which aims to enhance sex toy security. Despite receiving a bug bounty, BobDaHacker went public after disputes with Lovense over the timeframe for fixing the flaws.
Lovense stated that the account takeover bug has been resolved, with plans to patch the email disclosure bug in an upcoming update within a week. However, they did not commit to publicly informing customers about the vulnerabilities.
