Wi-Fi sex toy with built-in camera fails penetration test

Svakom's cyber mock cock can expose your most intimate moments to strangers

By Richard Chirgwin

Posted in Security, 4th April 2017 00:31 GMT

Sex toy designer Svakom decided that a vibrator needed a camera on the end, and it also needed a Wi-Fi access point – with the utterly predictable result that the device is hackable.

Pen Test Partners – these jokes just write themselves, really – took a look at the device, and the researchers probably wish they hadn’t, because the Svakom Siime Eye is an early favourite for a hypothetical 2017’s Worst Internet-of-S**t Product award.

Looking at the Android app, Pen Test Partners’ (PTP’s) researchers first turned up “some hard-coded credentials, and a hard-coded IP address and port.”

The hard-coded credentials, admin:blank, make it “trivial” to connect to the dildo’s Web admin interface, PTP writes, and even better – the Web app serves the video from the camera, and because it’s an access point, an attacker within range can identify users.
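The two findings above (credentials and a fixed endpoint baked into the client app, with an empty admin password) are exactly what a build-time lint over your own app source or decompiled output should catch before a product ships. The following scanner is an added example written for this article; it is not Pen Test Partners' tooling, not Svakom's code, and the sample "source" it runs over is constructed to resemble a decompiled Android configuration class. The regexes are deliberately generic and the kind labels are my own names.

```python
"""Static check for hard-coded credentials and network endpoints in app source.

Added example for this article (not PTP's or Svakom's code). Intended as a
build-time lint over your own app's source or decompiled output; the sample
input below is constructed and the finding kinds are assumed names.
"""
import re
from dataclasses import dataclass

# Constructed sample resembling a decompiled Android config class.
SAMPLE_SOURCE = """\
public class CamConfig {
    static final String ADMIN_USER = "admin";
    static final String ADMIN_PASS = "";
    static final String CAM_HOST = "192.168.1.1";
    static final int CAM_PORT = 80;
    static final String STREAM_URL = "http://admin:@192.168.1.1/video.cgi";
    static final String DEBUG_NOTE = "password is set per device";
}
"""


@dataclass(frozen=True)
class Finding:
    line: int
    kind: str
    text: str


# A key whose name looks like a secret, assigned a string literal (possibly empty).
_SECRET_KEY = re.compile(
    r'(?i)\b(\w*(pass(word|wd)?|pwd|secret|token|api_?key)\w*)\s*=\s*"([^"]*)"'
)
# A URL with userinfo embedded: scheme://user:pass@host
_URL_USERINFO = re.compile(r'[a-z][a-z0-9+.-]*://([^/\s:@"]+):([^/\s@"]*)@', re.I)
# A literal IPv4 address (a fixed endpoint the user cannot change).
_IPV4 = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')

# Kinds that should fail the build outright rather than just warn.
BLOCKING_KINDS = {"empty-password", "url-credentials", "url-credentials-empty-password"}


def scan_source(text: str) -> list[Finding]:
    """Return one Finding per suspicious construct, in source order."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = _SECRET_KEY.search(line)
        if m:
            kind = "empty-password" if m.group(4) == "" else "hardcoded-secret"
            findings.append(Finding(lineno, kind, line.strip()))
        m = _URL_USERINFO.search(line)
        if m:
            kind = "url-credentials-empty-password" if m.group(2) == "" else "url-credentials"
            findings.append(Finding(lineno, kind, line.strip()))
        if _IPV4.search(line):
            findings.append(Finding(lineno, "hardcoded-ip", line.strip()))
    return findings


def has_blocking_findings(findings: list[Finding]) -> bool:
    """True if any finding is severe enough to fail a release build."""
    return any(f.kind in BLOCKING_KINDS for f in findings)


if __name__ == "__main__":
    results = scan_source(SAMPLE_SOURCE)
    for f in results:
        print(f"line {f.line}: {f.kind}: {f.text}")
    print("BLOCK RELEASE" if has_blocking_findings(results) else "ok")
```

Run against the constructed sample it reports the empty admin password, the fixed IP address, and the stream URL that carries credentials; the note string containing the word "password" is correctly ignored because only the key name, not the value, is matched. In a real pipeline you would point `scan_source` at each file in the source tree (or at the output of an APK decompiler) and fail CI on `has_blocking_findings`.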

It gets worse.

Unless it’s bought by someone who pays attention to their home security, the access point name is static “under normal use.” That means “Siime Eye” is already turning up on war-driving sites (the post cites wigle.net as its example) so that pervs can figure out where the device is in use, and tune in to its output.

And there’s a Skype interface – or, at least, there’s a cgi script called skype_pwd, along with other scripts for sending emails and changing DNS settings.

With a little work, PTP was able to siphon the video stream from the dildo, meaning someone’s most intimate activities are badly protected.

With a little more work – we’re actually into hacking here, people, PTP had to look at the UART outputs! – the researchers turned up the unremarkable Telnet password reecam4debug, and with that, the dildo is rooted: “We’ve got complete control over every inbuilt function in the Siime Eye, easy access to the video stream, a root shell and persistence on a dildo.”

Responsible disclosure says you only go public (a) after a patch is available, or (b) when you get no response from the vendor. Guess which one of these made PTP publish the post? ®
