Created by Michael Gonzalez, lead cybersecurity engineer at LINK & LOVE™
Purpose of this Document
To define a comprehensive security, privacy, and abuse-prevention framework for the development of IoT-connected sex toys. To protect the privacy and safety of all stakeholders through the secure use of API platforms. To minimize threat vectors and facilitate a reliable UI and UX.
What Makes This Platform Unique
Interoperability across multiple vendors and communication protocols, using BLE, WebSocket, and Serial USB
Centralized API for remote real-time control and session management
Support for both LAN transport protocols and WebRTC, covering public and private use cases
Embedded support for vendor-specific command structures and encryption models
Key Security Challenges
BLE "Just Works" pairing lacks authentication, allowing device spoofing
Improper device isolation (e.g., the Kiiroo 'cat' control command)
Device telemetry leakage through command responses (e.g., the Lovense DeviceType; command returns the device's Bluetooth address)
WebSocket hijacking, token replay, or cross-session misbinding
Metadata exposure via connector protocols
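As an added illustration of the telemetry-leakage item above (example code, not part of this framework or any vendor's implementation): a sanitizer that scrubs the Bluetooth address from a device reply before the API forwards it to a client, replacing it with a per-session pseudonymous handle so clients can still distinguish devices without learning the hardware identifier. It assumes the Lovense DeviceType; reply has the shape `<type>:<firmware>:<12 hex-digit address>`; the sample reply and session key are constructed.

```python
import hashlib
import hmac
import re

# Assumed reply shape for "DeviceType;": "<type>:<firmware>:<12 hex digits>",
# e.g. the constructed sample "C:11:0082059AD3BD". Only the address is sensitive.
DEVICETYPE_RE = re.compile(
    r"^(?P<type>[A-Za-z]+):(?P<fw>\d+):(?P<addr>[0-9A-Fa-f]{12})$"
)
# Catch-all for any other reply that echoes a colon-separated MAC address.
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b")


def pseudonymize_address(addr: str, session_key: bytes) -> str:
    """Map a BT address to a handle that is stable within one session only.

    HMAC with a per-session key means two devices stay distinguishable for
    the client, but the handle is not linkable across sessions and cannot be
    reversed to recover the hardware address.
    """
    digest = hmac.new(session_key, addr.upper().encode(), hashlib.sha256)
    return "dev-" + digest.hexdigest()[:16]


def leaks_address(raw: str) -> bool:
    """Audit check: does a raw device reply still carry a hardware address?"""
    return bool(DEVICETYPE_RE.match(raw.strip()) or MAC_RE.search(raw))


def sanitize_device_response(raw: str, session_key: bytes) -> str:
    """Scrub hardware identifiers from a device reply before forwarding it.

    Replies that carry no address are returned unchanged.
    """
    m = DEVICETYPE_RE.match(raw.strip())
    if m:
        handle = pseudonymize_address(m["addr"], session_key)
        return f"{m['type']}:{m['fw']}:{handle}"
    # Other commands: replace any embedded MAC with the same kind of handle.
    return MAC_RE.sub(
        lambda mm: pseudonymize_address(mm.group(0).replace(":", ""), session_key),
        raw,
    )
```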