Major Security Weaknesses Of Internet-Connected Sex Toy, Siime Eye Exposed

Researchers of computer security have managed to hack a sex toy manufactured by Svakom, a firm based in the United States. The sex toy, Siime Eye possesses a camera at the tip and is capable of connecting to the internet via Wi-Fi. Other features that the vibrator has include an endoscope camera and a torch that is built in. The device can thus be used to share multimedia content with others including pictures and videos.

But according to Pen Test Partners, a security services and penetration testing firm, it is easy to hack into the web interface of the device and gain access to intimate videos that the device has recorded. The computer security firm revealed that this could be done by trying to work out the password of the user by keying in the default password of the manufacturer which is 88888888, in cases where the device had not changed since the purchase.

Professional hackers

Additionally, those with an advanced knowledge were in a position to get complete control of the device. This would require writing a rogue application and compelling the user to link their device to the rogue application by use of the default login credentials. From there it would be possible to use the device’s inbuilt functionality in performing just about any unsolicited action. This could include siphoning Wi-Fi passwords and video data.

The computer security firm also revealed that it had made Svakom aware of the issue but no response had been received so far. Pen Test Partners first made contact with Svakom in December last year and several other times since then. But upon not getting any response, the security firm decided to publish details outlining the vibrator’s security vulnerabilities.

Not the first

This is, however, not the first time that a smart vibrator is getting exposed over security vulnerabilities at the risk of exposing the privacy of their customers. Last month, a sex toy firm known as Standard Innovation reached a settlement of approximately $3.75 million with plaintiffs who had sued over violation of their privacy. The firm which is known for connected sex toys called We-Vibe, was accused of storing users’ data gleaned from their devices on its servers without their consent.

Information that data belonging to users was being stored illegally by Standard Innovation was revealed at a hacking conference. The kind of information that was being stored in such a manner basically revealed user habits and included vibration intensity, times and dates of use and temperature changes being noted on gadget every minute.

Leave a Reply