USB sticks to several shopping kiosks near the ���� headquarters
in Kabul. Eventually an American soldier had bought one and used it
with a secure computer.[22] It’s not only humans who pose a security
risk. In 2017, a US casino was surprised to discover its data had
been flowing to a hacker’s computer in Finland. But the real shock
was the source of the leak. Rather than targeting the well-protected
main server, the attacker had got in through the casino’s internet-
connected fish tank.[23]
H�����������, ������� have been most interested in accessing or
disrupting computer systems. But as technology increasingly
becomes internet-connected, there is growing interest in using
computer systems to control other devices. This can include highly
personal technology. While that casino fish tank was being targeted
in Nevada, Alex Lomas and his colleagues at British security firm
Pen Test Partners were wondering whether it was possible to hack
into Bluetooth-enabled sex toys. It didn’t take them long to discover
that some of these devices were highly vulnerable to attack. Using
only a few lines of code, they could in theory hack a toy and set it
vibrating at its maximum setting. And because devices allow only
one connection at a time, the owner would have no way of turning it
off.[24]
Of course, Bluetooth devices have a limited range, so could
hackers really do this in reality? According to Lomas, it’s certainly
possible. He once checked for nearby Bluetooth devices while
walking down a street in Berlin. Looking at the list on his phone, he
was surprised to see a familiar ID: it was one of the sex toys that his
team had shown could be hacked. Someone was presumably
carrying it with them, unaware a hacker could easily switch it on.
It’s not just Bluetooth toys that are susceptible. Lomas’ team
found other devices were vulnerable too, including a brand of sex toy
with a WiFi-enabled camera. If people hadn’t changed the default
password, it would be fairly easy to hack into the toy and access the
video stream. Lomas has pointed out that the team has never tried to
connect to a device outside their lab. Nor did they do the research to