British hackers have discovered that they were easily able to hack into a $249 dildo which includes “a small camera on its tip,” creating the potential risk of hijackers looking in on intimate footage.
The Svakom Siime Eye, which touts itself as a “wireless camera vibrator for women,” lets users look inside their orifices during use, and also features waterproof functionalities, “whisper quiet” vibrations, and an “intelligent mode.”
“However, if you’re in Wi-Fi range of the dildo and can guess the password, which by default is ‘88888888,’ you can watch the video stream,” explained Vice’s Motherboard. “With a bit more hacking, you can take control of the firmware and then connect to it remotely as well.”
“When somebody is using it, someone else could be seeing the video stream,” claimed Ken Munro, the founder of Pen Test Partners, who discovered the vulnerability, adding that you’d also “never know about it.”
“The fact they chose to use Wi-Fi was utterly stupid,” Munro continued, before recommending that owners of the device throw it away and “never use it again.”
In a blog post on Monday, Pen Test Partners explained how easy it was to take control of the device.
“Beau du Jour found that the Siime Eye creates a Wi-Fi internet access point whose password, by default, is ‘88888888.’ That way, anyone in range can connect to it by guessing the simple password,” Motherboard reported of the blog post. “By looking at the code of the mobile app that comes with the dildo, the researcher also found that once on the dildo’s Wi-Fi, you can access its webserver. This has a login portal, but the user is ‘admin’ and the password is blank.”
“By reverse engineering the firmware, Beau du Jour found a way to get root — hacker speak for taking full control of it — and get persistence on the device, meaning that he could connect to it even outside the range of the Wi-Fi,” they continued. “At that point, it was game over for the smart camera dildo.”
Sex toy company We-Vibe was ordered to pay out nearly $3 million in March after it was discovered that its own “smart vibrator” had been secretly collecting intimate data.
The We-Vibe 4 Plus vibrator, which allows users to customize their sexual experience with a variety of options via an app, was revealed to be secretly sending “vast quantities of user data to We-Vibe’s parent company,” while it was also revealed that the device could be hacked from a “close proximity.”
“Following a class-action lawsuit in an Illinois federal court, We-Vibe’s parent company Standard Innovation has been ordered to pay a total of C$4m [Canadian dollars] to owners, with those who used the vibrator’s associated app entitled to the full amount each. Those who simply bought the vibrator can claim up to $199,” reported The Guardian. “The app that controls the vibrator is barely secured, allowing anyone within Bluetooth range to seize control of the device.”
“In addition, data is collected and sent back to Standard Innovation, letting the company know about the temperature of the device and the vibration intensity – which, combined, reveal intimate information about the user’s sexual habits,” they continued.
Last month, technology firms also warned that sex toy hacking was a growing cyber-risk.