Siime Eye Hacked by Pen Test Partners

Siime Eye Hacked by Pen Test Partners

The innovative Siime Eye can be hacked if users do not update the default password.

Imagine you give in to your kinky side or you figured out that "webcaming" can earn you a nice amount of money and therefore you purchase a wi-fi-enabled sex toy with a built-in camera. All good and dandy… your partner (or web based clients) will definitely enjoy the "insights". But what if it isn’t just the intended person who manages to view your most intimate… err… moments / bits?

In a world, in which technology achieves new heights nearly every day, Svakom (a sex toy designer that advertises as "The world’s leader in intelligent intimate lifestyle products") made their innovative vibrator - sexy, colourful (purple or pale pink) vibrating endoscope - available for purchase.

According to Svakom's website, the -"Can you ‘see’ my pleasure?" - Siime Eye ($249) has a built-in micro camera and a hidden searchlight, which can be connected to a PC, tablet or mobile phone via wireless Wi-Fi. So, the customer can "witness the love" they "share with a picture or a video" and "record" their "own intimate moment". If you ever wondered how it looks inside your vagina when you masturbate and orgasm (because, let’s face it, it wouldn’t be appropriate to do so when you are paying a visit to your gynaecologist), the Siime Eye "allows you to know the subtle changes inside of your private areas". And as a bonus, "you can record and share the wonderful sex adventure to your partner via pictures or videos". Of course, the people who designed this appear to have tackled every possible desirable feature: an intelligent mode (that "stimulates vibration frequency during the whole process of sex" – hope you don’t anger who ever hacks into the controls), powerful but quiet ("whisper quiet" – advertised with the image of a sleeping woman… oh, dear!), covered in soft silicone ("her angelic eye makes the elegant and fashionable appearance" – eat your heart out, Lord Byron) and 100% waterproof ("not only you can enjoy yourself or entertaining in water, you can also take pictures of underwater world" – so next time you visit the Great Barrier Reef, you know what to do). In case you run out of ideas, Svakom even provides you with some drawings (a modern version of Kama Sutra) illustrating "more methods", therefore "more pleasure".

Svakom even thought of the "safety" of its clients, urging them to change the default password (88888888) to one more suitable (suggestion: iCanSeeYou). Indifferent to the "whisper quiet" spell of "her angelic eye", the researchers at Pen Test Partners – PTP (Penetration testing and security services) decided to test the Siime Eye’s impenetrability.

They found that the Android App had some "hard-coded credentials" (admin: blank) and a "hard-coded IP address and port" and therefore made it "trivial" to connect to its Web admin interface. Serving the videos directly from the camera and being an access point (which is static "under normal use"), the Web App turned up on wardriving sites (like wigle.net) and allowed anybody to see where the Siime Eye was used and also to tune into its outputs.

Having a Skype interface - cgi script called skype_pwd - along with others for sending emails and changing DNS settings, made things even easier for PTP. They managed to siphon the video stream and to gain "complete control over every inbuilt function in the Siime Eye".

"Even without all that effort" (like writing a rogue application, etc.), "if we can get anywhere near a Siime Eye and crack into the Wi-Fi App with a (most likely) weak or default password, we can almost immediately get a root shell and a video stream… Oh, and being a Wi-Fi App means you can find users too… This part surprised us the most."

Surely, the researchers from PTP were not the only ones surprised. Think of the fish of the Great Barrier Reef finding they are being photographed and filmed with a pink dildo!

For the full research visit the Pen Test Partners’ blog.

Interviewed by the BBC, a spokesperson for Svakom admitted only to vulnerabilities when using the toy with a laptop. "We recommended our users to use the Siime Eye only on their smartphone," Svakom’s employee said. "Moreover, in the instructions on the app and user manual it is clearly stated to change the password of the wi-fi to ensure privacy." The spokesperson added: "We respect our customer's privacy and our updated versions (more than one year old) of the Siime Eye App on both Google Play Store and Apple Store are completely secure."

As a conclusion, I would like to personally suggest some improvements for this type of camera – vibrator. Firstly, what about a wider colour range… maybe a camouflage one (think of the marine wildlife)? And considering its possible wider usage, why not endow it with an extendable, thinner endoscope? It would make things like identifying ear infections and haemorrhoids, searching for lodged peas in nasal cavities and spying through keyholes so much easier to share with the web wide world. Come on guys, put some effort into it! Surely, nobody would mind…

6 Apr 2017

Latest News

Bongacash Affiliates Chaterbate Affiliates