Lovense, the manufacturer of internet-connected adult toys, has announced that it has resolved two significant security vulnerabilities that previously jeopardised users’ private email addresses and allowed potential account takeovers. The company insists that these issues have been completely addressed, yet its CEO, Dan Liu, is contemplating legal action in response to reports concerning these vulnerabilities.
In a statement provided to TechCrunch, Liu expressed concerns about what he deemed “erroneous reports” regarding the security flaws. However, he did not specify whether he was referring to media coverage or disclosures made by security researchers. These vulnerabilities were brought to light by a security researcher known as BobDaHacker, who reported them to Lovense earlier this year. The researcher later revealed their findings after Lovense announced a 14-month timeline to fully rectify the issues, a timeframe that was criticised for not employing a quicker fix which could have alerted users to update their applications sooner.
Lovense has communicated that users will be required to update their apps to regain full access to all features following the implementation of the fixes. Liu asserted that there is “no evidence” indicating that any user data, such as email addresses or account information, has been compromised or misused. This declaration raises questions given that TechCrunch and other news outlets had confirmed the email leak by setting up new accounts and matching them with corresponding email addresses.
When TechCrunch sought clarification on how Lovense could confidently determine the security of user data, the company failed to provide a specific explanation of its technical measures, including the availability of logs to trace potential data breaches.
While it is not uncommon for companies to issue legal threats in an effort to inhibit the reporting of damaging security incidents, such tactics face scrutiny. Earlier this year, a journalist in the U.S. resisted a legal injunction from a U.K. court aimed at preventing the reporting of a ransomware attack affecting a private healthcare provider. Moreover, a county official in Florida threatened a security researcher with criminal charges for identifying a flaw that exposed sensitive court records, which highlights how contentious the disclosure of security vulnerabilities can be.
As the landscape of technology continues to expand, the responsibility of ensuring user data security remains a pressing concern for companies like Lovense, which now must navigate the complexities of addressing both technical vulnerabilities and public trust.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
