BigDaddy Malware Variant Infects Multiple Internet Connected Vibrators

(By Stefanie Hoffman & Rick Popko)

Dateline: April 1, 2016 — 10Fold has confirmed reports indicating that thousands of Internet connected vibrators have been penetrated by a malware attack believed to have been perpetrated by hackers sourced to China.

The malware in question is believed to be a variant of the 2007 BigDaddy virus, which has since evolved into an advanced persistent threat (APT) targeting a number of Internet of Things (IoT) devices, including devices used for sexual gratification. According to reports, intruders slipped into the XTC IoT self-pleasuring device via a backdoor to the device’s servers.

Leveraging anonymized Chinese IP addresses, the group of attackers performed a code injection technique known as SQL injection, which is typically used to attack data-driven applications whereby malicious SQL statements are inserted into an entry field for execution. When new users install the device’s software onto their smart phone for the first time, they are prompted to download the latest updates. The virus is surreptitiously downloaded onto the mobile phone during the updating process, which then gives an attacker the ability to control the vibrator’s app remotely and take full control of the device.

“According to reports, intruders slipped into the XTC IoT self-pleasuring device via a backdoor to the device’s servers”

An XTC IoT spokesperson told 10Fold that the company is currently investigating the attack and confirmed that no customer or user data have been compromised. Michael Cox, vice president of marketing at XTC IoT, said the company is closely monitoring and analyzing customer data generated by the device in an effort to determine the intent of the attackers and protect future users from attack. The company is also offering affected customers a free customer credit report.

“Customers satisfaction is of utmost importance to us, and we are taking all necessary precautions to to ensure our customers remain protected from this horrible virus,” Cox said.

According to initial victim reports, the hack has resulted in excessively enhanced device performance. Specifically, the IoT vibrator is operated via an app downloadable to any mobile device. Users can leverage the touchscreen to control the vibrator’s intensity settings that range from “vibrate,” “wave” and “pulse,” to “earthquake” and “frenzy.” According to the website, the app enables lovers to increase vibrational frequency remotely from anywhere in the world.

“The attack came without warning”

During the most recent attack, vibrator modes were literally off the Richter scale, pulsing at hundreds of vibrations per second.

Users with affected vibrators have expressed surprise and strong concern about the usability of their device in the wake of this attack.

“The attack came without warning,” said a local Pasadena woman who requested to remain anonymous. “I was doing what comes naturally, when all of a sudden, the thing took on a life of its own, and I couldn’t make it stop.”

The local woman said she could have been seriously hospitalized if it wasn’t for the help of a concerned neighbor who heard her cries for help.

“The thing took on a life of its own, and I couldn’t make it stop”

“I just thought she was doing what she does every night around this time. But tonight was different,” said Mort Brothman, a local appliance repair man. “Her screams of joy suddenly turned into cries of terror. It took me a while before I could tell the difference and spring into action. I only hope these miscreants are quickly caught and brought to justice.”

Executives at XTC IoT appear mystified by the attack, but noted that sales of the device have increased significantly since this anomaly occurred, particularly for women demographics ranging from age 25 to 50.

Meanwhile, Mary Focker, wife of XTC IoT CEO Bob Focker, was also one of the victims. There are unconfirmed reports that Mr. Focker is now resigning and suing his own company on the grounds that his wife now seems “distant and unresponsive” and that his marriage is currently on the rocks. Ms. Focker filed for divorce last week, according to a court records.

“And all because of an IoT device.”

“She seems so much happier, but now my marriage is in shambles,” he said.  “I thought I knew my wife, but now she’s a total stranger to me. And all because of an IoT device.”

Meanwhile, if you currently own or recently purchased an XTC IoT vibrator, it is strongly recommended you use it manually and do not connect it to the Internet, at least until a patch has been issued from the company.

(With additional reporting by Rick Popko)

PS: “Another April fools from your friends at 10Fold”