Buzz off! This smart vibrator is vulnerable to peeping hacks

Others might be enjoying your toy with a view.

If you’re the owner of a Svakom Siime Eye internet-connected, camera-equipped vibrator, it might be time to hide that thing in a deep, dark corner of your dresser. It turns out that the smart  toy is vulnerable to hacking, according to UK-based penetration testing and security services firm Pen Test Partners.

The $249 device works with an app that lets users watch video, take pictures and videos and save them to devices like phones or laptops. Granted, if you’ve purchased a vibrator that has a camera and connects to the internet, that probably means you want someone to watch. The problem is it’s pretty easy for anyone who’s within Wi-Fi range and can guess your password to access your video stream.

“This is about as private as it gets,” Pen Test founder Ken Munro told CNET. “It’s one thing having your email address compromised, it’s another thing having your password hacked, another thing having your credit card scammed, but this is a whole new level.”

The Siime Eye is just the latest “smart” device — anything connected to the internet and able to talk to other gadgets like phones or laptops — to face a security crisis. While the tech industry touts the convenience of everything talking with each other to make your life better, consumers face headline scares with smart homes, cars and even connected toys facing security breaches. And for smaller companies, building security into a product isn’t always the top priority.

Siime Eye isn’t even the first connected  toy to raise privacy concerns. Standard Innovation, a company that makes the line of We-Vibe connected vibrators, settled a class-action lawsuit in March for $3.75 million in light of its practice of storing data from the devices on its servers without permission. The We-Vibe case was actually the inspiration for Pen Test Partners, which usually sticks to government and financial services, to test out the Siime Eye, Munro said.

Svakom, which bills itself as “a premium international brand of sexual stimulators designed in the US,” did not respond to a request for comment on what security measures it might implement given the report.

One of the main issues is that the Siime Eye is set up as a Wi-Fi access point instead of a client, Munro said, leaving users more exposed. Hackers can use access point names to geolocate devices. Pen Test Partners also found information that could be used to access the Siime Eye server, hard-coded into the app. The Siime Eye was vulnerable to Pen Test Partners’ hacking efforts, but in a blog post, the firm made that point that even if you’re not a skilled hacker, if you can get near a Siime Eye and figure out the likely weak or default password, you’ve got access.

And with the rise of the Internet of Things, or IoT– don’t be surprised by what else ends up gathering data. Take the i.Con Smart Condom, which is actually a ring that collects stats like thrusting velocity, calories burned, skin temperature and how many times you just did the deed, in case you’ve just totally lost track.

In any case, Pen Test Partners recommends changing the Siime Eye password to something long and complicated. And while it’s not a total guarantee, Munro suggests buying IoT devices made by larger companies– companies that would have the resources and motivation to fix problems, should they arise.

Someone could hack this connected vibrator.Svakom


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s