Internet-connected sex toys, leones, user emails have been exposed for months-they have been made aware of the danger. In a blog post that was seen by Takkarch And Buliping computerSecurity researcher Bobdahakar found that he could “convert any user’s name into his email address”, which he could use to handle one’s account.
Although Bobbhadar initially revealed the risk of Lewins in March, the researcher claims that Luns waited for months before fixing it, and still not fully paid attention to the issue. Lewins is behind many sex toys that users can connect to the Internet and control it from far away, which was set on fire for a “minor bug” in 2017, which recorded consumers’ sex sessions.
As described in the post of Bubdahar, a security researcher saw something strange in response to the app’s API while silenced someone: he presented his email address. Boobadar then estimated that he could benefit from this risk by sending an amended request to Luns’ servers, and cheating it in returning the target user’s email address.
Even Bobbhadar developed a script that he says can turn a user name into an email address in less than a second. Bobdahkar writes, “This is especially bad for the Kim Model that distributes its usernames publicly but obviously don’t want to expose their personal emails.” To further worsen matters, Bubdahar later discovered that he could handle the user’s account with his email address and a verification token prepared by his email address and Lavis.
Bobbhakar initially reported the dangers in partnership with the Internet of Dongs, aimed at making the Internet -connected sex toys more secure. However, a security researcher says Lewis did not immediately fix the issue. Instead, Luns claimed that the account -takeover Big was fixed in April, though Bubhakar had said that it was not, and that it would take 14 months to end the email leak issue.
According to Bobbhakar, Luns said, “We have also reviewed a fast, a month’s accuracy. However, it will need to force all users to immediately upgrade, which will disrupt the support of the legacy version.” As Bobbhadar has noted, security researchers told the same account takeover in 2023, but it seems that the company has in fact closed the bug without fixing it.
In a statement Buliping computerLuns says it has submitted an app update to App Stores “to deal with the latest risks”. “It is expected that all users will be fully updated within next week,” says Lewins. “Once all users are updated in the new version and we disable the old version, this problem will be resolved completely.” StuffyRequest to comment.
