What companies can learn from the We-Vibe lawsuit about the Internet of Things
A class action lawsuit against an internet-connected pleasure device highlights the potential pitfalls a growing number of companies will face as they embrace connected technologies and seek to capitalize on the nascent internet of things (IoT).
Canada-based Standard Innovation owns We-Vibe, a “premium sensual lifestyle products” company that sells smart vibrators that can be controlled by a mobile app.
In 2016, hackers at the Def Con security conference in Las Vegas revealed how one of the company’s smart vibrators could be hacked, allowing an unauthorized user to take control of the device.
The hackers also revealed that the devices were sending usage data to Standard Innovation every minute. That data included the temperature of the device, and when the intensity of the vibration was changed. With that information, it would be possible for Standard Innovation to determine precisely when its customers were using their devices.
According to reports, up to 300,000 people bought We-Vibe’s smart vibrator, and up to 100,000 people used the associated app.
While the nature of the We-Vibe product makes for intriguing headlines, the reality is that companies in far less exotic lines of business are going to find themselves in similarly thorny situations as more and more of them embrace internet connected products ranging from intelligent assistants to thermostats to wearables.
But the security risks and privacy challenges created by the IoT are significant and every company that gets involved in the IoT in some fashion will have to consider the risks and privacy implications.
These not only have the potential to cause financial harm to companies when things go wrong, but IoT security problems and privacy mix-ups could inflict long-lasting reputational harm that could threaten companies’ ability to take advantage of the IoT altogether.
We-Vibe understandably captured lots of attention, but it’s hardly the only company that is already learning the hard way that security and privacy cannot be taken for granted when it comes to connected devices. A few of a growing number of examples:
Obviously, despite the risks, businesses shouldn’t necessarily shy away from the IoT out of fear. But with lawyers ready to pounce, companies will need to make security and privacy their top two priorities when pursuing IoT opportunities.