A smart sex toy.
The manufacturer acknowledges that an error in its app causes the phone to record and store sound while using the vibrator.
A Reddit user alerted Lovense to the issue and found a lengthy recording on his phone. The Hong Kong-
The company said that the audio files were not transferred from the device and the fix has now been released.
But an expert said the case highlighted the risk of using the Internet.
Connected gadgets
The incident drew attention after reports on the fringe news website.
Lovense's Remote app allows its sexual toys to be controlled via Bluetooth.
It uses the microphone of the smartphone to listen to nearby sounds so that noise can be used as a trigger if needed.
What's not clear is that audio is being stored-
The company's privacy website says it "designs our system to record as little information as possible about our users ".
However, an owner raised the issue last Thursday.
"I am preparing for the factory reset through my mobile media and have a problem. . .
File named "tempSoundPlay.
The user nicknamed tydoctor wrote: "3gp.
"The file is the full recording of the last time I used the app to control my for 6 minutes. . . vibrator. (
We used it at the bar while playing the pool).
"I never thought the app would record the whole session using a vibrator.
The company responded the next day, saying the issue was "a small bug" limited to Android devices, adding that "no information or data was sent to our servers ".
It then reported that it had released an update to resolve the issue.
Lovense explained that it still needs recording in order to provide sound
Active vibration, but the file will be much shorter nowlived.
"The fix deletes the temporary audio file. . .
After exiting the sound control feature, the app does additional checks and deletions every time it launches the app, "it explains.
Earlier this year, another Internet
Sex toys manufacturers
Standard Innovation-
After discovering that its app sent owner data back to the company, it was forced to pay customers more than £ 2 m.
One researcher said that, in contrast, lovers' mistakes seemed mild.
Ken Munro of Pen Test Partners commented: "recording is an unwise thing, but the actual risk of users is relatively low unless someone steals their phone . ".
Another expert added that it was not too worrying to make the temporary recording itself.
"Although this file can be stored in RAM [random-access memory]
, It's much easier and more efficient to stream it to disk for temporary storage, "wrote a researcher named RenderMan.
"It makes sense, especially when files are cleared once they are no longer needed.
"However, this is not the first time a vulnerability has been discovered in Lovense's software.
In last December, the company had to address various defects that made it possible to discover the user's email address.
The owners of smart sex toys and other "IoT" kits need to accept the risks that exist, Munro said.
"Anything that uses a camera and a microphone can lead to privacy violations," he said . ".
"There is a complete lack of standards at the moment, so it is now a Wild West.