Camera-equipped sex toy manufacturer ignores multiple warnings about horrible, gaping security vulnerability

The uniquely horribly named Svakom Siime Eye is an Internet of Things sex-toy with a wireless camera that allows you to stream video of the insides of your orifices as they are penetrated by it; researchers at the UK's Pen Test Partners discovered that once you login to it via the wifi network (default password "88888888"), you can root it and control it from anywhere in the world.

Pen Test Partners repeatedly warned Svakom of the vulnerability over a period of three months. Having received no reply to date, they've gone public.

Beau du Jour found that the Siime Eye creates a Wi-Fi internet access point whose password, by default, is "88888888." That way, anyone in range can connect to it by guessing the simple password, as he explained in a blog post published on Monday. By looking at the code of the mobile app that comes with the dildo, the researcher also found that once on the dildo's Wi-Fi, you can access its webserver. This has a login portal, but the user is "admin" and the password is blank.

By reverse engineering the firmware, Beau du Jour found a way to get root—hacker speak for taking full control of it—and get persistence on the device, meaning that he could connect to it even outside the range of the Wi-Fi. At that point, it was game over for the smart camera dildo.

Vulnerable Wi-Fi dildo camera endoscope. Yes really [Pen Test Partners]

Hackers Can Easily Hijack This Dildo Camera and Livestream the Inside of Your Vagina (Or Butt) [Lorenzo Franceschi-Bicchierai/Motherboard]

Start the discussion at bbs.boingboing.net