Security Researchers say Love Makers Failed to fix two security defects that expose personal email addresses from the user and allow the user’s user account.
Researchers, who go by Bobdahacker Handle, Published the Bug details on Monday After the lovene claimed to take 14 months to fix the disability to avoid pursuing users from some legacy products.
Lovense is one of the largest makers of the internet sex toys, and is said More than 20 million usersSee rankings-. The company makes the headlines on 2023 to be one of the first type of play-toy makers To join the ChatGPT to the ProductsSee rankings-.
But security risks are located in connecting sex toys to the Internet can put users at the risk of the world’s dangerous risk if something is wrong, including Key-ins and Left policy dataSee rankings-.
Bobdahacker said she finds that the lovense leaks another person’s email address when using the app. Although other user’s email addresses are not visible to the app in the app, anyone using the network analysis tool to check the data flows and out of the app will view them, such as muting.
By modifying the network request from the logging of the logging, BobdahaCahacker said that the user’s name corresponds to the registered email address, the potential customer that has relevant to the information.
“This is very bad for the cam model showing the username in public, but clearly does not want a personalized email,” Bobdahacker writes the blog post.
TechCrunch Verified This Bug By Creating A New Account on Lovene and Asking Bobdahacker to Reveal Our Regasive In About A Minute. With automating the process with a computer script, researchers say can get the user’s email address less than twice.
Bobdahacker said that the second vulnerability allows them to take the user’s account for the user’s email address, which can come from the previous bug. This bug allows anyone to make the authentication token to access your lovense account without requires a passage, allowing attackers to control the account as a real user.
“Cam models use the tool for work, so this is a great deal. Literally something can handle your account by knowing your email address,” Bobdahacker said.
These people have a pleasant effect or device.
Bobdahacker reveals bugs to LEVENTSE on 26 March through Internet from DongA project intended to increase the security and privacy of sex toys, and help Report and tell disabilities for device makersSee rankings-.
According to Bobdahacker, he was awarded a total of $ 3,000 through the Hackeyrone Site Boug. But after several weeks back and smash what the bugs are correct, the researcher is public this week after the LOVENSE get 14 months to fix the defect. (Security Researchers usually provide three-month vendors or low security bug fixes before going to the public.) The same company as the same email, “
Researchers who give information company first in disclosure, each email appears in techcrroch. Bobdahacker said the update of blog post on Tuesday if bugs can be identified by other researchers that have been reviewed on September 2023, but the bug is allegedly closed without fix.
Lovense does not respond to the email of technrch.