Researchers find security vulnerabilities in Wi-Fi vibrator with camera
Researchers at security firm Pen Test Partners have uncovered multiple vulnerabilities in an Internet-of-things vibrator equipped with a camera. The vibrator appears to be easy to hack, whereby access can be gained to the video streams, among other things.
The vibrator, the Svakom Siime Eye, costs converted 233 euros and contains a built-in 0.3 megapixel camera with which users can store both photos and videos or stream them via the internet. If a malicious person is within the vibrator’s Wi-Fi range and can guess the password, the images can already be viewed. With a little more effort, the researchers managed to access the firmware. The researchers have announced this on their website.
The device works via a simple app and is also an access point. The default password ‘88888888’ was used to log in. Then the web server could be accessed quite easily, via the username ‘admin’ and an empty password field. The researchers emphasize that these credentials are processed in the code of the app, so that a user will not normally change this information so quickly.
The researchers also turned out to be able to gain root access via reverse engineering. This enabled the researchers to gain wireless access to the vibrator, even outside the Wi-Fi range. Based on certain configuration data, the researchers suspected that the vibrator had a hidden functionality to connect to Skype, send emails and adjust DNS settings.
Multiple connections turned out to be allowed without any problems. The researchers also managed to locate users of the vibrator by the access point’s static name, which is publicly visible.
The maker Svakom has not commented on the findings of Pen Test Partners. The security company has reported the weak security three times, but there has been no response from Svakom. The researchers then decided to publish their findings. They call on users to contact Svakom and choose a complex WiFi password.
This device is not the first vibrator to have a security problem. A few weeks ago, the Canadian manufacturer of the ‘connected vibrator’ We-Vibe made a settlement of 3.5 million euros available to consumers who bought the device. Without permission, the vibrator settings, battery life and temperature, among other things, would have been forwarded.