Researchers have discovered a simple way to hack an Internet-connected vibrator that, of course, comes equipped with a camera. After hacking the device, a video can be streamed live, and the user might not even know what happened.
The Internet of Things (IoT) devices have become so vulnerable that from smart TVs to cars, from smartphones to plugs or CCTV cameras can be hacked and use for malicious purposes. Now, it’s time for Wi-Fi dildo camera.
Security firm Pen Test Partners’s researchers have discovered that a device called Svakom Siime Eye that costs about $250 is easy to hack and it’s possible because the dildo comes with a video camera with streaming capability. The problem occurs because of the unsecured connection, and if someone is in the range of dildo’s Wi-Fi connection and could guess its password, they can quickly “join in on the fun.”
Apparently, the device’s default password is 88888888, and if the user forgets to change the default login credentials, a few more players than expected might be watching their newest video. For more capable hackers, it’s even possible to remotely take control of the firmware and benefit from the situation by live-streaming it without the victim’s knowledge. The researchers explain in a blog post that and send it somewhere unsolicited.”
Pen Test Partners’ researchers have informed Svakom of their product’s flaw several times in the past few months, with the first contact being in December 2016. After receiving no response, they tried resending the emails in both January and February, but since the silence had continued, they decided that it would be better to simply inform the authorities about the situation. What everyone could agree on this is that some things shouldn’t have an Internet connection at all.
“We could write a rogue application, compel a user to connect our app to the device using the default credentials, and then use the already-inbuilt functionality to perform unsolicited actions on the device. If we could get a user to connect their device to their home Wi-Fi, we (or any website loaded within the user’s home network, in a JavaScript drive-by) could siphon all video data, Wi-Fi passwords, and a list of local networks off it.