
Internet of Dongs


Formal Metadata

Title
Internet of Dongs
Subtitle
A long way to a vibrant future
Title of Series
Number of Parts
165
Author
License
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
With great pleasure comes great responsibility. A responsibility, which is not taken enough into consideration by the smart sex toy manufacturers as they should, while handling extremely sensitive data. As long as there is no serious breach, there is no problem, right? This was the basis for a research project (Master Thesis) called “Internet of Dildos, a long way to a vibrant future”, dealing with the assessment of smart sex toys and identification of vulnerabilities in those products, including mobile apps, backends and the actual hardware. After the assessment of a selection of multiple smart sex toys an abyss of vulnerabilities was revealed. The identified vulnerabilities range from technically interesting vulnerabilities to vulnerabilities which affect the privacy of the users in extreme and explicit ways.
Transcript: English (auto-generated)
And I have one last announcement before we begin this talk.
This is a personal announcement to whoever slapped the sticker saying for rectal use only onto my microphone. Microphones are not supposed to be used this way.
Please trust me, I am very familiar with microphones. I know how they are supposed to be used. However, our next speaker is going to tell you about things that are supposed to be used this way. And about how to secure and protect those things.
So please welcome Vienna, and the talk you all came here to see, Internet of Dongs. A round of applause.
Okay, so, hello, everyone. My name is Vienna. I'm working for SEC Consult, and besides penetrating all the things at the SEC Consult Vulnerability Lab, I have been studying information security for the last five years at the University of Applied Sciences in Austria.
And about a year ago, I was facing a massive challenge. Some people might know this challenge. This challenge was to select a proper topic for my master thesis. You might know there are always those predefined topics by the universities.
Some of them are quite interesting. They are taken, yeah, most of the time quite fast by all the other students, and you are left with the boring topics. And I thought to myself, yeah, I don't want to stress myself, I just want to define a topic by myself. And that was the challenge. So the first thing I did to get a better overview of the topics was to take a look
at the topics my colleagues have chosen. I created a word cloud out of that. So we have basically all the interesting topics here. We have bitcoins, we have GDPR, we have cyber, cyber, cyber, we have DevOps, management, malware, but some of you might have already noticed it.
There is one topic missing in my colleagues' theses, which is very, very important in the year 2018, and that's the Internet of Things. So I guess I don't have to explain here at the Congress what the Internet of Things is. It's basically the interconnection of all the devices which were analog a few years
ago with each other and even worse over the Internet. And I thought, yeah, maybe I can combine the knowledge I gathered at SEC Consult and conduct a penetration test in this Internet of Things. The problem here is still there are like millions of products and I just have to write one thesis, so I have to select one subcategory in this Internet of Things to conduct the
penetration test on. And of course, the first thing which came to my mind were smart home devices. We already had a lot of interesting talks about smart home devices. There are like smart coffee machines, smart lawnmowers, light bulbs, thermometers and stuff
like that. But this category has two problems. So first of all, there is already a lot of research done, and the other problem is the impact. So I don't want to downplay the vulnerabilities which were found there, but when there are vulnerabilities found, I mean, yeah, if there is a DDoS on your lawnmower, you can
just go out to your garden and mow the lawn yourself. It's not that big of a deal. So I thought I have to select a subcategory where the impact is a little bit more critical. And I came up with the following devices.
So for example, dolls, smart dolls. There was this doll, Cayla. Some of you might know it. Someone found out that it has a built-in microphone and the data was sent to some dubious service in some dubious countries and it was even declared as an illegal telecommunication device. It had to be destroyed. Or there is a lot of interesting research at baby monitors.
A colleague of mine wrote a very interesting blog post. You should take a look at it. Or devices which affect our body. So for example, smart pacemakers. They were developed by St. Jude Medical. That's the biggest manufacturer of pacemakers in the world. And they built a pacemaker which is programmable via Bluetooth.
But yeah, they forgot authentication, which is quite a big problem when everyone is able to reprogram your pacemaker. So as we can see, at this category, the impact would be quite critical. But there is, again, a lot of research done.
So the deadline was coming closer and closer. I had to hand in some kind of topic for my master thesis. I was doing a lot of brainstorming with myself. And then suddenly it came to my mind. There is one category out there where the impact would be very critical. And there is not a lot of research done. And that's the Internet of Dildos.
So that's basically the integration of sex toys into the Internet of Things, where we interconnected Dildos with each other and over the Internet. But before I'm going to show you what I found in this Internet of Dildos,
we have to talk about history. Because you might think now that's something new. But that's not true, because the Internet of Dildos, as we know it, is existing for about 50 to 60 years. And as always, when there are new inventions or interesting ideas, they first appear in movies. And that also applies to the Internet of Dildos.
So those are quite old movies. We have, for example, Barbarella or Flash Gordon or Orgazmo. And in those movies, those are real movies. It's not a joke. The Internet of Dildos appeared first in this movie. So for example, at Barbarella,
the evil guy used a device called the Orgasmatron to cause so high levels of arousal and humanity to kill people. So basically, the Internet of Dildos was in the 60s and 70s a weapon of mass destruction and not a weapon of mass pleasure, as it should be.
So a few years later, a whole research area was formed. This research area is called teledildonics. And that's also not a joke again. And it was first mentioned by Ted Nelson.
He's a technical philosopher. And he coined quite well-known terms like transclusion, virtuality and intertwingularity and teledildonics. And he mentioned this term at first in a book called Computer Lib/Dream Machines. Very interesting book, by the way. You should read it.
And in this book, he did interviews with people who had, yeah, innovative and interesting ideas for the time, but the technology was not just ready yet. And he did an interview with a guy called How Wachspress. And How Wachspress developed a device or had the idea for a device called Auditac.
When you Google for Auditac, you find quite an ancient website called auditac.com. And when you dig a little bit deeper, you can find out that he's still looking to find a manufacturer to sell his sonic stimulator. Sounds already quite interesting. And he even has a patent and a small graphic for that.
So it's basically a radio with one input and two outputs. One input, of course, the antenna, and the two outputs are one for the headphones, and the other output is for the sonic stimulator, which is inserted from below in the human life form. You even can find the patent on Google Patents,
and he writes there in his abstract, random or controlled electronically synthesized signals are converted to sound waves that are directly coupled to the skin of a life form, such as a human body, for example, to stimulate the skin or internal portions of the life form. So, as we can see, the ideas were there,
but the technology was just not ready in the 1970s and 1980s. But now we are in the year 2018, and we are definitely ready for a penetration test in the Internet of Dildos. And before I'm going to talk about the test devices and the vulnerabilities, I'm going to make a promise now.
I will try to keep this as serious as possible. I will try to keep the, I will call it the IPMs, the innuendos per minute, as low as possible. Yeah, and now I just want to talk about the test devices because those are very important. So, I selected three test devices for my master thesis.
On the right side, we have the, that's not a joke again, Vibratissimo Panty Buster, that's the real name. In the middle, we have the Magic Motion Flamingo, and on the left side, we have the Real Love Lidya. So, the devices on the left side and in the middle
have one thing in common, they are manufactured in China and the device on the right side is manufactured in Germany. So, I have to admit, I was a little bit biased because I thought I'm going to take a look at the Chinese devices first because there will be a lot of low-hanging fruits. Question to the audience now,
who believes that I found most of the vulnerabilities in the Chinese devices? Raise your hand. Who believes that I found most of the vulnerabilities in the German device? Who believes that I found vulnerabilities everywhere?
Yeah, you're basically all right, but when I took a look at the German device, I found so many really, really critical vulnerabilities that I immediately stopped there and wrote my whole thesis about the Panty Buster. Okay, so the Panty Buster itself,
it's just one product out of a whole product line. I just bought the Panty Buster because it was the cheapest one. They are basically using all the same backends, the same iOS and Android apps. And yeah, the Panty Buster is basically a device which is connected via Bluetooth to a smartphone and it can be used, for example,
for long-distance relationships, but there is way more behind those apps because there's like a whole social media network built in. You can make group chats, you can create image galleries, you can maintain friends lists.
Yeah, that's real, that's real. It's not a joke. Yeah, and now we're going to analyze this Panty Buster and take it down to the last part. Yeah, we're going to analyze the software. I'm going to tell you a little bit
about the transport layer and the hardware, of course. So I'd like to start with the software. So the first vulnerability where we have to talk about is the so-called information disclosure. So you might think, oh, boring, just some random version numbers. Yeah, that's true. Most of the time, information disclosures are boring, but in this case, it's really critical
because I found a so-called .DS_Store file in the web root. A .DS_Store file is basically a metadata file which is created by the macOS Finder, and it contains a lot of metadata like files and folder names. So when you find such a file in a web root, you have basically a side channel directory listing.
This .DS_Store file has a proprietary format, but as for all problems in life, there is a Python module to decode it. Yeah, and I decoded the .DS_Store file, and I was presented with the following contents. So that's basically a side channel directory listing of the web root. There are a lot of interesting files and folders.
So for example, old page example, I have no idea why it's there in the productive environment. There is a database folder, but the most interesting folder is the config folder. So when I navigated to the config folder, there was directory listing enabled, and there was one file in there,
and it was called config.php.inc with the following contents. So basically, I now had access to the database host name, the database names, user names, and passwords. The problem now was that, as we can see,
the database host is just local host, so there might be a chance that it's not yet directly reachable via the internet, and we have to find the so-called exposed administrative interface to connect to the database. Yeah, of course, the first thing I did was to do a port scan.
A lot of interesting ports, sadly no SQL ports, but some of you might remember this,
yeah, let's call it weird, brown, orange web application called phpMyAdmin, and I found a subdomain which contained the phpMyAdmin installation, and I was able to use those credentials to connect directly to the database and get access to all the data.
So I basically had access now to the real-life addresses, to messages in clear text which were exchanged, images, videos, and a lot of other stuff.
So, yeah, and what hurt me the most was the following slides because the passwords were stored in clear text, and that's really not necessary in the 21st century. Okay, so in real life,
about 30 minutes have passed by, and I tried to do a write-up as fast as possible and submit it to the German CERT-Bund, and, yeah, a few minutes later, I got a really interesting call from the German CERT-Bund. They told me that they already informed the manufacturer
and they're already trying to fix those problems. So my problem was now that I still had to write my master thesis, and I just have content for about 30 pages now, and I need, like, 100 pages, so I did a little bit of more research and found way more vulnerabilities, of course. And the next vulnerability I'm going to talk about
is the so-called insecure direct object reference. Sounds cryptic, but it isn't. It's basically always a vulnerability which is consisting of two sub-problems. So the first problem is when someone uploads resources to a backend, those resources are most of the time renamed to, like, a random string which shouldn't be guessable.
The first problem would be if it would be guessable. But the second thing is there should be authorization checks in place. So if someone is able to guess those unique identifiers, there should still be some, like, process which should check if the user
should even be able to download these resources. And in this case, yeah, it was just really easy to guess the identifiers, and there was no authorization whatsoever. And I had to learn this the hard way, literally.
There is a feature in the smartphone apps called galleries, so you can create galleries. You can set the visibility to no one is able to see it, just your friends are able to see it, everyone is able to see it. You can even set the password on those galleries. Yeah, and just for a test,
I created a gallery with a few cats, and when you request this gallery, you see the following requests, user manager, PHP, blah, blah, blah, username, password, and some ID. And I thought, yeah, maybe I should change this ID, and I was presented with a dick pic. So yeah, the problem behind this is quite easy.
Everything which is stored on the server is renamed to a global counter. The global counter is incremented by one after every upload, and there are no authorization checks whatsoever, because the images are just stored on a server, so it doesn't matter if you set a password or set the visibility.
That's just nonsense to do it. Okay, so the next vulnerability, yeah, I called it improper authentication. To be honest, it was just a weird authentication. So, at SEC Consult, there's already a lot of different ways of implementing authentication, some are good, some are bad, but it can be fixed,
but in this case, it was just weird. I've never seen something like that. It's basically like HTTP basic authentication, but a little bit worse. So, normally, authentication works as follows. You're sending a username and password to a server, and if this process is successful,
you get some kind of authorization information, like a cookie or an API token. You can use this cookie or API token to authorize all the other requests. In this case, every request contains just username and password in clear text to authenticate the request. That's just weird, to be honest,
and also, if your password is compromised, it will also mean that you have to change your username, because it's part of the authentication information. So, weird, weird implementation. Okay, the next vulnerability is called the Remote Pleasure Version 1.0. It's 1.0 because there is a 2.0.
Yeah, there is a feature in those apps where you can create remote control links. They can be sent via SMS or email, and everyone who is in possession of those links can directly control the devices. There is no extra confirmation needed.
We will take a look at the email now. There is a button in the email called Quick Control, and there is an ID again. Yeah, the thing is, yeah, it's just a global counter again,
and what an attacker can do now is download the app, create his own quick control link, decrement the ID, and pleasure just random strangers on the internet.
Okay, I will show you guys a video now where I'm doing exactly that. So, when the video's going to start, it's going to start perfect. On the right side, we're going to see an attacker device, which is just connected
to the normal mobile network, and the attacker creates his own quick control link and decrements the ID. And on the left side, we can see another smartphone, which is connected to Wi-Fi to have internet access and via Bluetooth to the Smart sex toy. And this attacker device should now be able to control,
yeah, you can see that now in a few seconds. It's just what I explained. Yeah.
Yeah. There is no confirmation whatsoever, so you can directly control all the devices. Okay, I have to stop talking about software now. There is a lot more like cross-site scripting, HTTPS problems, outdated software, but there's not enough time left now,
so we have to talk about the transport layer. Before I'm going to tell you something about the vulnerabilities I have identified, I will tell you something about Bluetooth Low Energy in general, the security basics, and how authentication and encryption works on a very high level. So you can imagine that Bluetooth Low Energy
basically works like a web API, so that's a very high level explanation. You have API endpoints, those are the service characteristics, and you have properties where you can read and write to. So for example, the device name can be read or written to to change the device name. There are also a lot of other characteristics,
which will be very important when it comes to remote pleasure version 2.0 a little bit later. So that's a very high level explanation, and no, but we don't have enough time left. Talking about the security basics, Bluetooth Low Energy is using CCM, that's Counter with CBC-MAC, that's basically considered secure,
but as we know, security also depends on the key material and the key exchange, and at Bluetooth Low Energy, the key exchange is defined as the pairing methods. For Bluetooth Low Energy, we have five pairing methods, we have just no pairing, so yeah, we basically throw packets into the air, and if a device is nearby,
it tries to do something with those packets. We have Just Works, we have out-of-band pairing, passkey, numeric comparison. I don't have to tell you the details now, you all know those, it's numeric comparison, where you compare numbers to exchange the key material. You have the passkey,
which is always zero, zero, zero, one, two, three, four. We have out-of-band pairing, where the key material is exchanged via NFC, for example, and we have Just Works, that's really secure, where the key is just set to zero, and can be of course brute forced with ease. But it just works, of course.
So out of those five methods, what does the audience think that the sex toy is using? Is it using no pairing? Raise your hands. Is it using any of the other more or less secure methods? Yeah, it's using no pairing.
That means that the Android and iOS apps just throw the packets into the air, and if a device is nearby, it starts to vibrate. And that's of course easily exploitable. You can just sniff the real traffic and repeat it. I did exactly that using a so-called
Bluetooth Low Energy sniffer. I used a Bluetooth device that works very well, and I placed it between the sex toy and the smartphone app. And I sniffed the traffic using Wireshark, and I found some interesting endpoints or handles. There is the 1F handle, which is like an initialization handle,
and there is the handle 25, where you can send values from 0 to FF to set the vibration intensity. Yeah, and now it's time for a little bit of war-dealing. I wrote this small Python proof of concept,
which basically scans the air for Bluetooth Low Energy devices. If it finds a device, it tries to find out if it is a sex toy, and if yes, yeah, it basically turns it on to 200% to FF. So the next thing I want to talk about is not that funny.
So please don't laugh now, because when we released this, a lot of people on Twitter asked, is this rape? So serious topic. For example, the evil attacker is using my war-dealing script in the metro,
in the U-Bahn, in Vienna, and he would pleasure just random strangers. Is this rape? In Austria, we have two different things. We have rape and sexual assault, and they have two preconditions. So that's violence, three preconditions. We have violence, threats, or deprivation of liberty,
which is just not the case in this scenario. But we have a special paragraph called, it's really hard to translate that. It's called the Pograpsch-Paragraf. I know that's a little bit different in Germany, and I'm not a law expert, so I just kept the Austrian laws, which got verified by Thornis.
So, and according to this paragraph, this would be an unwanted sexual act, via a third-party object. So it's not rape, but it's an unwanted sexual act. Okay, the hardware. Last but not least. The biggest problem is that firmware updates are not possible. That was confirmed by the manufacturer.
The problem here is, a lot of vulnerabilities can just be fixed by doing a firmware update. And the manufacturer came up with the idea that the end users can send in their smart sex toys to do a firmware update. And I'm quite sure that nobody's sending in
their used devices to conduct a firmware update. And the other problems are debug interfaces. They just forgot to remove or deactivate their serial interfaces on the sex toys. It's just really easy to extract the firmware and do a little bit of more research on the firmware. Okay, so you might now think,
I still want to use smart sex toys. What can I do? Yeah, the tinfoil is not working. But there are a lot of interesting
open source projects out there. So first of all, the most famous project is the Internet of Dongs project. There is a really interesting person behind that. He's called RenderMan. You can find him on Twitter. He invented this project to make this whole Internet of Dongs a little bit safer. And he's doing penetration tests and stuff like that.
And he's even handing out DVEs. So that's the equivalent to CVEs. Then we have buttplug.io and Metafetish. They are developing open source firmware for a lot of different sex toys. And they are independent from all the manufacturers.
And there is also something called Onion Dildonics, which has the goal of rerouting all the smart sex toy traffic over the Tor network to make it a little bit safer.
Okay, there is one more thing. I had a lot of calls together with the manufacturer and the German CERT-Bund. And one call was outstanding because we were discussing the remote pleasure vulnerabilities.
And we tried to explain to the manufacturer that it's not good, that you can basically out of the box pleasure everyone on the Internet or if you're nearby. We told them that it should be at least like an opt-in feature where you can switch on this feature in the apps.
But the manufacturer said no, that's not possible because at least they believe that. Most of our customers are in swinger clubs and you don't know beforehand who is in the swinger club. So there is just no opt-in in a swinger club because you're basically always in, yeah. Thank you.
Taking questions, we have five microphones, two in the front and three in the back.
So please line up and ask whatever you want. So apparently people on Twitter engaged in a drinking game where they were drinking every time you said penetration testing. In the meantime, we have a question
from microphone number two. Yeah, did you come across anything with the patent trolls and Teledildonics? I came across what, sorry? Patent trolls. There is an issue with Teledildonics patent and some companies have been threatened to go out of business because of frivolous lawsuits.
Yes, yes. There was the, I guess it was called the Teledildonics Appreciation Day in August because the patent ended. So you can basically use the term wherever you want or, yeah. Thank you. Microphone number three please. So this was very funny obviously
and you showed us the really low hanging fruit. On the website in the database, you would have been able to see the social graph of the users. I don't know if you have managed to look at other devices. Can you elaborate a little bit more on something that I believe more serious,
which is the profiling of users' behaviors, social networks, and so on? So of course I didn't take a look at all the data because it was so critical in my opinion that I directly contacted the CERT-Bund so I can't give you any information about the data of course.
I also took a look at things like tracking and stuff like that and in this case there was not a lot of tracking going on at the German sex toys, but when you compare that to the Chinese sex toys there is way more tracking and stuff like that going on, but I didn't take a detailed look into that.
Okay, thanks. Thank you. Thank you again for the educational and entertaining talk. And hopefully, that's a lot of time to provide.