Manufacturer of ‘smart’ vibrators settles data collection lawsuit for $3.75 million

Forget prying microwaves. Real spies could be sex toys.

At least that was a claim made by two plaintiffs in a class action filed in Chicago federal court against standard innovationa Canadian manufacturer of “smart” vibrators that allow users to “turn on your lover” remotely via a Bluetooth connection.

The class action lawsuit came after two hackers demonstrated at a hacking conference last year that it was possible to take remote control of the vibrator and activate it.

The company agreed this week to pay $3.75 million to settle the lawsuit, which alleged the company violated privacy by accessing personal information. Under the terms of the settlement, Standard Innovation will also stop recording users’ personal information and destroy all collected data.

To use the We-Vibe vibrator’s full range of features and custom vibrations, including text and chat functions, users had to download the We-Connect mobile app from the Apple Store or Google Play. Once the app was installed and linked to the vibrator, consumers could use their smartphone to access and control it remotely, according to the company.

“The usage information collected by Standard Innovation through We-Connect is extraordinarily intimate and private,” according to the plaintiffs’ court documents. The two main complainants were anonymous, including an Illinois woman identified as NP who said she purchased a $130 We-Vibe Rave and downloaded the app but was never notified of the data collection, The Chicago Tribune reported.

“Standard Innovation collected usage information at the individual level – often tied to users’ personally identifiable addresses,” they said, adding that the company “breached the trust of its customers, devalued their purchases” and “violated federal and state laws in the process”.

About 300,000 people have purchased We-Vibe devices covered by the class action, and about 100,000 have downloaded and used the app, according to a memo filed with the settlement agreement.

The security and data collection issues were revealed last year at the Def Con hacker conference in Las Vegas during a conference called “Hacking the Vibrating Internet of Things”, by two hackers, The Guardian reported in August.

“A lot of people in the past have said it’s not really a serious problem,” said one of the hackers. which goes through @Followr on Twitter, said at the conference. “But if you go back to the fact that we’re talking about people, unwanted activation of a vibrator is potentially sexual assault.” His co-presenter was @g0ldfisk. They estimated that Standard Innovation had about two million customers for its products.

In the settlement, the company denied any wrongdoing.

“At Standard Innovation, we take the privacy and security of customer data seriously,” spokesperson Denny Alexander said in an email on Tuesday, calling the settlement “fair and reasonable.”

In September, he said, “we responded quickly to concerns about app privacy and security. We’ve improved our privacy notice, increased app security, given customers more choice in the data they share, and we continue to work with leading privacy and security experts to improve the application.

This latest class action reflects growing concerns that “smart” home internet-connected products can become, well, too smart. A reporting chain in recent years, hackers targeting and remotely controlling things like baby monitors have raised alarm bells. And numerous experiments conducted by researchers have shown how easy it is to hack cars, medical devices and even dolls.

Last month, German regulators announced they were banning the sale of Cayla, a doll made by US company Genesis Toys, because they believed hackers could use it to steal personal data by recording private conversations via a unsecured Bluetooth connection.

The doll is also under intense scrutiny in the United States, where advocacy groups filed a lawsuit with the toymaker in December, alleging the company records and transmits children’s voiceprints to a software company.

Comments are closed.