Wi-Fi sex toy with built-in camera fails penetration test
Svakom's cyber mock cock can expose your most intimate moments to strangers
Sex toy designer Svakom decided that a vibrator needed a camera on the end, and it also needed a Wi-Fi access point – with the utterly predictable result that the device is hackable.
Pen Test Partners – these jokes just write themselves, really – took a look at the device, and the researchers probably wish they hadn’t, because the Svakom Siime Eye is an early favourite for a hypothetical 2017’s Worst Internet-of-S**t Product award.
Looking at the Android app, Pen Test Partners’ (PTP’s) researchers first turned up “some hard-coded credentials, and a hard-coded IP address and port.”
The hard-coded credentials,
admin:blank, make it “trivial” to connect to the dildo’s Web admin interface, PTP writes, and even better – the Web app serves the video from the camera, and because it’s an access point, an attacker within range can identify users.
It gets worse.
Unless it’s bought by someone who pays attention to their home security, the access point name is static “under normal use.” That means “Siime Eye” is already turning up on war-driving sites (the post cites wigle.net as its example) so that pervs can figure out where the device is in use, and tune in to its output.
And there’s a Skype interface – or, at least, there’s a cgi script called
skype_pwd, along with other scripts for sending emails and changing DNS settings.
With a little work, PTP was able to siphon the video stream from the dildo, meaning someone’s most intimate activities are badly protected.
With a little more work – we’re actually into hacking here, people, PTP had to look at the UART outputs! – the unremarkable Telnet password
reecam4debug, and with that, the dildo is rooted: “We’ve got complete control over every inbuilt function in the Siime Eye, easy access to the video stream, a root shell and persistence on a dildo.”
Responsible disclosure says you only go public (a) after a patch is available, or (b) you get no response from the vendor. Guess which one of these made PTP publish the post? ®