Wi-Fi sex toy with built-in camera fails penetration test

Sex toy designer Svakom decided that a vibrator needed a camera on the end, and it also needed a Wi-Fi access point – with the utterly predictable result that the device is hackable.

Pen Test Partners – these jokes just write themselves, really – took a look at the device, and the researchers probably wish they hadn’t, because the Svakom Siime Eye is an early favourite for a hypothetical 2017’s Worst Internet-of-S**t Product award.

Looking at the Android app, Pen Test Partners’ (PTP’s) researchers first turned up “some hard-coded credentials, and a hard-coded IP address and port.”

The hard-coded credentials, admin:blank, make it “trivial” to connect to the dildo’s Web admin interface, PTP writes, and even better – the Web app serves the video from the camera, and because it’s an access point, an attacker within range can identify users.

It gets worse.

Unless it’s bought by someone who pays attention to their home security, the access point name is static “under normal use.” That means “Siime Eye” is already turning up on war-driving sites (the post cites wigle.net as its example) so that pervs can figure out where the device is in use, and tune in to its output.

And there’s a Skype interface – or, at least, there’s a cgi script called skype_pwd, along with other scripts for sending emails and changing DNS settings.

With a little work, PTP was able to siphon the video stream from the dildo, meaning someone’s most intimate activities are badly protected.

With a little more work – we’re actually into hacking here, people, PTP had to look at the UART outputs! – PTP turned up the unremarkable Telnet password reecam4debug, and with that, the dildo is rooted: “We’ve got complete control over every inbuilt function in the Siime Eye, easy access to the video stream, a root shell and persistence on a dildo.”

Responsible disclosure says you only go public (a) after a patch is available, or (b) you get no response from the vendor. Guess which one of these made PTP publish the post? ®

via The Register http://bit.ly/2oIJ9pH
