Pingback: VR porn app ‘SinVR’ exposes details of 20,000 customers | | Virtual Reality Insider Pingback: Adult VR app SinVR exposes names and emails of thousands of users | Tech News Release Pingback: Adult VR app SinVR exposes names and emails of thousands of users – Tech News Headline Pingback: Adult Themed Virtual Reality App spills Names, Emails of Thousands | The Linkielist Pingback: 20,000 Users Personal Information Exposed in Adult VR Data Leak Pingback: Adult Themed VR Game Leaks Data On Thousands – Pingback: Adult Themed VR Game Leaks Data On Thousands - R- Pakistan Daily Roznama It is not outside the realm of possibility that some users could be blackmailed with this information,” Harris wrote.
“Not only could an attacker use this to perform social engineering attacks, but due to the nature of the application it is potentially quite embarrassing to have details like this leaked. While the risk of physical harm resulting from the flaws is low, the sensitive nature of the toys presents a number or risks. Similarly, the researcher Alberto Segura likewise identified flaws in mobile applications that were companions to and allowed remote control of adult toys. The firm Pen Test Partners discovered a wide range of security flaws in adult toys including wireless vulnerabilities and vulnerable mobile applications. The security of adult themed web sites and toys has been found wanting before. Multiple efforts by The Security Ledger to contact inVR Inc. have fallen flat, including messages sent by email, Twitter and on Reddit forums where the company is active. More than one effort to reach out to the parent company, InVR Inc.
NET library, was simple to reverse engineer and analyze. However, contacting the firm has proven challenging. He said the application, which relied on a Microsoft.
Sinvr and interactive sex toys download#
And, because no authentication is required, it would be possible for any SinVR user to download all customer records, Harris said. The function was not accessible from the SinVR application, but by studying how the SinVR web API (application program interface) worked, Harris was able to trigger it manually. (Image courtesy of Digital Interruption.) A doctored screenshot of leaked data from a SinVR application. Passwords and credit card details were not part of the data dump, Harris said.
Sinvr and interactive sex toys Pc#
That function called a web service that downloaded thousands of SinVR customer records including email addresses, user names, computer PC names and so on. The group discovered the hole after reverse-engineering the SinVR desktop application and noticing a function named “ downloadallcustomers“. Researchers at Digital Interruption, a penetration testing firm based in Birmingham, UK, made a survey of various adult themed applications and decided that the SinVR application looked like the most fruitful ground to explore. Also exposed was data including names, email addresses and device names for customers who paid for the SinVR content using PayPal. SinVR is a sex-themed virtual reality game that allows players to navigate in various adult-themed environments and interact with virtual characters in common pornographic themes including BDSM, cosplay, teacher, and so on.Īccording to the post, Digital Interruption found a high risk vulnerability in the SinVR application that allows an attacker to download details such as the customer’s name, email addresses and device names for everyone with a SinVR account.
SinVR, a company offering adult-themed virtual reality games, exposes data on thousands of customers via a leaky desktop application, according to researchers at the firm Digital Interruption. Jahmel estimated that more than 19,000 records were leaked by the application, but did not have an exact count. The company decided to go public with the information after being frustrated in multiple efforts to responsibly disclose the vulnerability to parent company inVR, Inc., Digital Interruption researcher and founder Jahmel Harris told The Security Ledger. Researchers at the firm Digital Interruption on Tuesday warned that an adult-themed virtual reality application, SinVR, exposes the names, email and other personal information via an insecure desktop application – a potentially embarrassing security lapse. Thousands of Internet denizens who wanted to explore their virtual naughty side are in for an unpleasant surprise after a firm offering an adult virtual reality game, SinVR, accidentally exposed information on around 20,000 customers to security researchers. Thousands of users of an adult virtual reality application risk having their personal information, including names and email addresses exposed, according to researchers in the UK.
0 kommentar(er)
