A smart sex toy-maker has acknowledged that a bug with their app caused combined to record and store sounds, while her vibrators were in use.
Lovense has been sensitized to the issue by a user of Reddit who had discovered a long recording on their phone.
The Hong Kong firm said that the audio file has not been transmitted to the unit is off and has released a patch.
But one expert said that the case highlighted the risks of the use of internet-connected gadgets.
The issue drew attention after it was reported by The verge news site.
Lovense Remote application allows sex toys to be controlled via Bluetooth. It uses a smartphone’s microphones to listen to the nearby sounds, so that the noises can be used as a trigger if you want.
However, last Thursday, a owner reported the problem.
“I’ve been going through my phone media to prepare it for a factory reset and came across a… a file named “tempSoundPlay.3gp,” wrote a user nicknamed tydoctor.
“The file was a full audio recording of six minutes of the last time I had used the app to control my… vibrator. (We’ve used it in a bar while playing pool).
“At no time, I wanted the application to record entire sessions using the vibrator.”
The company responded the next day described the problem as “a minor bug”, which was limited to Android devices, and added that “no information or data are sent to our servers”.
Subsequently, he indicated that he had released an update that addressed the problem. Lovense has explained that he always had to make records to provide sound activated by vibration, but the files will be much shorter in duration.
“The fix removes the temporary audio file… after they have left Its Control and the application will do an additional check and delete each time the application is started,” he explained.Risk of theft
Earlier this year, another connected to the internet sex toy manufacturer Standard Innovation has been forced to pay more than 2 million pounds to its customers after its application has been discovered to be sending data on the owners of the company.
A researcher said Lovense the error seems to be mild in comparison.
“It was not a good thing to save, but the real risk to users has been relatively low, unless someone stole his phone,” said Ken Munro from Pen Test Partners.
A second expert added that the achievement of a temporary registration was not, in itself, too concerning.
“So that this file can be stored in the RAM [random access memory], it is much easier and more efficient to stream to disk for temporary storage,” blogged researcher known as RenderMan.
“It has a meaning, especially when it was clear that the file had to be purged once it was no longer necessary.”
However, this is not the first time that vulnerabilities have been discovered in Lovense of the software.
Last December, the company had to fight against a variety of defects, it is possible to discover users ‘ email addresses.
Mr. Munro advised that owners of smart sex toys and other “internet of things” kit and need to accept there were risks involved.
“Everything that uses a camera and microphone potentially has the possibility of causing an interference to the private life,” he says.
“At the present time, there is a total absence of standards, so it is a Wild West right now.”