Lovense, a popular connected sex toy platform, faces severe security flaws that leak user email addresses and allow account hijacking. These vulnerabilities highlight the risks associated with app-controlled devices and the importance of prompt security fixes. #Lovense #ZeroDayFlaw
Key points
- Security researchers discovered a zero-day flaw in Lovense's platform that exposes user email addresses.
- The vulnerability allows attackers to reverse engineer API responses and obtain users' private email information quickly.
- A critical account hijacking flaw enables impersonation of users and potential full admin access.
- Lovense identified and fixed some issues, but other vulnerabilities remain unpatched, raising ongoing security concerns.
- The investigation underscores the need for companies to prioritize timely security updates for connected devices.