Wi-Fi sex toy with built-in camera fails penetration test

Svakom's cyber mock cock can expose your most intimate moments to strangers

By Richard Chirgwin

Sex toy designer Svakom decided that a vibrator needed a camera on the end, and it also needed a Wi-Fi access point – with the utterly predictable result that the device is hackable.

Pen Test Partners – these jokes just write themselves, really – took a look at the device, and the researchers probably wish they hadn’t, because the Svakom Siime Eye is an early favourite for a hypothetical 2017’s Worst Internet-of-S**t Product award.

Looking at the Android app, Pen Test Partners’ (PTP’s) researchers first turned up “some hard-coded credentials, and a hard-coded IP address and port.”

The hard-coded credentials, admin:blank, make it “trivial” to connect to the dildo’s Web admin interface, PTP writes, and even better – the Web app serves the video from the camera, and because it’s an access point, an attacker within range can identify users.
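Hard-coded credentials and endpoints of the kind PTP pulled out of the Android app are exactly what a vendor's own pre-release review should catch, and a string dump is usually enough to find them. The script below is an added example, not PTP's tooling or anything from Svakom: it runs over a constructed sample of strings (placeholder IP address and placeholder password values, not the real ones) and flags three things a reviewer would want to see before shipping, namely credentials embedded in URLs, hard-coded IP:port endpoints, and password-like assignments with empty or weak values.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample of what a `strings` dump of an app or firmware image
# might contain. The IP address, port and password values are placeholders
# made up for this example; none are taken from the real product.
SAMPLE_STRINGS = [
    "Siime Eye",
    "http://admin:@192.0.2.10:8080/cgi-bin/",   # constructed: user:password@host, empty password
    "CAMERA_HOST=192.0.2.10:8080",              # constructed: hard-coded IP address and port
    "ADMIN_USER=admin",
    "ADMIN_PASS=",                              # constructed: empty default password
    "TELNET_PASSWORD=example-debug-password",   # constructed placeholder, not the real value
    "/cgi-bin/skype_pwd",
    "Connection lost",
]

# user:password@ inside an http(s) URL
CRED_IN_URL = re.compile(r"https?://([^/:@\s]+):([^@/\s]*)@", re.IGNORECASE)
# dotted-quad IPv4 address followed by a port
IP_AND_PORT = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}:\d{1,5}\b")
# KEY=VALUE where the key looks like it names a secret
SECRET_ASSIGNMENT = re.compile(
    r"^\s*([A-Za-z0-9_]*(?:pass|pwd|secret|token)[A-Za-z0-9_]*)\s*=\s*(.*)$",
    re.IGNORECASE,
)
# values that should never ship as a credential
WEAK_PASSWORDS = {"", "admin", "password", "123456", "root"}


@dataclass(frozen=True)
class Finding:
    rule: str       # which check fired
    severity: str   # "high" or "medium"
    line: str       # the offending string, for the reviewer to look at


def scan(lines: Iterable[str]) -> List[Finding]:
    """Return a Finding for every string that matches one of the checks."""
    findings: List[Finding] = []
    for line in lines:
        m = CRED_IN_URL.search(line)
        if m:
            # an empty or well-known password in a URL is a shipped backdoor
            severity = "high" if m.group(2) in WEAK_PASSWORDS else "medium"
            findings.append(Finding("credential-in-url", severity, line))
        if IP_AND_PORT.search(line):
            # a fixed endpoint baked into the client cannot be rotated later
            findings.append(Finding("hardcoded-endpoint", "medium", line))
        m = SECRET_ASSIGNMENT.match(line)
        if m:
            severity = "high" if m.group(2).strip() in WEAK_PASSWORDS else "medium"
            findings.append(Finding("hardcoded-secret", severity, line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity so a build can fail on any 'high'."""
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = scan(SAMPLE_STRINGS)
    for f in results:
        print(f"[{f.severity:6}] {f.rule:20} {f.line}")
    print(summarize(results))
```

In practice the input would be the output of `strings` over the unpacked APK or a firmware root filesystem rather than the inline list; a "high" count above zero is a reasonable reason to fail a release build.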

It gets worse.

Unless it’s bought by someone who pays attention to their home security, the access point name is static “under normal use.” That means “Siime Eye” is already turning up on war-driving sites (the post cites wigle.net as its example) so that pervs can figure out where the device is in use, and tune in to its output.

And there’s a Skype interface – or, at least, there’s a cgi script called skype_pwd, along with other scripts for sending emails and changing DNS settings.

With a little work, PTP was able to siphon the video stream from the dildo, meaning someone’s most intimate activities are badly protected.

With a little more work – we’re actually into hacking here, people, PTP had to look at the UART outputs! – the researchers turned up the unremarkable Telnet password reecam4debug, and with that, the dildo is rooted: “We’ve got complete control over every inbuilt function in the Siime Eye, easy access to the video stream, a root shell and persistence on a dildo.”

Responsible disclosure says you only go public (a) after a patch is available, or (b) when the vendor doesn’t respond. Guess which one of these made PTP publish the post? ®
