It might not be quite as useful to authorities as smart TV cameras, but a Wi-Fi-enabled vibrator with an in-built camera is the latest connected device to be at the centre of a hacking story.
Security experts Pen Test Partners (which amusingly stands for Penetrating testing and security partners) decided to see whether they could hack into Svakom’s Siime Eye vibrator – a dildo slash endoscope that lets users broadcast the insides of their private parts.
They found that anyone within Wi-Fi range could easily force their way onto the device’s live stream by guessing the default password, and with some extra hacking skills could access the firmware and gain "complete control" over the dildo.
As Pen Test Partners explains in a blog post, the manufacturer had left the default password as an easily guessable “88888888”. Unless the user has changed the password, it would be simple to anyone picking up the signal to watch the proceedings. Going further, the group says it is “trivial to connect to the access point [AP],” and that if you manage to do this, you’ll have “instant access to everything on this web application”.
Operating as a Wi-Fi access point also allowed the team to geolocate other Siime Eye users. “This part surprised us the most – using Wi-Fi is logical, given the bandwidth required to stream video, but most IoT devices would be configured to operate as a Wi-Fi client, not an access point. This choice was odd.”
Svakom has yet to respond to Pen Test Partners’ exploits. It isn’t the first time a sex toy has become tangled up in the Internet of Things security debate, with Canadian firm Standard Innovation having recently settled to pay out $US3.75 million following claims its connected We-Vibe vibrators were sending personal information to the company without user consent.
With the increase of connected devices in our homes, anything that’s connected to Wi-Fi and has sensors is up for scrutiny by security experts. Mattel’s Hello Barbie doll, for example, was shown to be hackable after researchers were able to hijack its in-built microphone to listen in on people’s conversations – transforming the doll into a makeshift surveillance device.