X

Buzz off! This smart vibrator is vulnerable to peeping hacks

Others might be enjoying your sex toy with a view.

Erin Carson Former Senior Writer
Erin Carson covered internet culture, online dating and the weird ways tech and science are changing your life.
Expertise Erin has been a tech reporter for almost 10 years. Her reporting has taken her from the Johnson Space Center to San Diego Comic-Con's famous Hall H. Credentials
  • She has a master's degree in journalism from Syracuse University.
Erin Carson
3 min read
siime-eye07.png

Someone could hack this connected vibrator.

Svakom

Talk about bad vibes.

If you're the owner of a Svakom Siime Eye internet-connected, camera-equipped vibrator, it might be time to hide that thing in a deep, dark corner of your dresser. It turns out the smart sex toy is vulnerable to hacking, according to UK-based penetration testing and security services firm Pen Test Partners.

The $249 device works with an app that lets users watch video and shoot pictures and videos and save them to devices like phones or laptops. Granted, if you've purchased a vibrator that has a camera and connects to the internet, that probably means you want someone to watch. The problem is it's pretty easy for anyone who's within Wi-Fi range and can guess your password to access your video stream.

"This is about as private as it gets," Pen Test founder Ken Munro told CNET. "It's one thing having your email address compromised. It's another thing having your password hacked. Another thing having your credit card scammed. But this is a whole new level."

The Siime Eye is just the latest "smart" device -- anything connected to the internet and able to talk to other gadgets like phones or laptops -- to face a security crisis. While the tech industry touts the life-enhancing convenience of everything talking to everything else, consumers face headline scares with smart homes, cars and even connected toys facing security breaches. And for smaller companies, building security into a product isn't always the top priority.

Siime Eye isn't even the first connected sex toy to raise privacy concerns. Standard Innovation, a company that makes the line of We-Vibe connected vibrators, settled a class-action lawsuit in March for $3.75 million in light of its practice of storing data from the devices on its servers without permission. The We-Vibe affair was actually the inspiration for Pen Test Partners, which usually sticks to government and financial services, to test out the Siime Eye, Munro said.

Svakom defended the honor of its product.

"We respect our customers' privacy and our updated versions (more than one year old) of the Siime Eye App on both Google Play Store and Apple Store are completely secure," Svakom's online marketing manager, Anuj Saroch, told CNET via email.

Saroch also said that Svakom, which bills itself as "a premium international brand of sexual stimulators designed in the US," encourages people to use the device's phone app instead of a laptop and to change their passwords.

One of the main issues is that the Siime Eye is set up as a Wi-Fi access point instead of a client, Munro said, leaving users more exposed. Hackers can use access point names to geolocate devices. Pen Test Partners also found information that could be used to access the Siime Eye server, hard-coded into the app. The Siime Eye was vulnerable to Pen Test Partners' hacking efforts, but in a blog post the firm made the point that even if you're not a skilled hacker, if you can get near a Siime Eye and figure out the likely weak or default password, you've got access.

With the rise of smart gadgets and the internet of things, don't be surprised by what else ends up gathering data. Take, for example, the i.Con Smart Condom. It's a ring that collects stats like thrusting velocity, calories burned, skin temperature and how many times you just did the deed (in case you've totally lost track).

Pen Test Partners recommends changing the Siime Eye password to something long and complicated. And while it's not a total guarantee, Munro suggests buying IOT devices made by larger companies -- those that would have the resources and motivation to fix problems, should they arise.

Originally published April 4 at 11:19 a.m. PT.
Updated April 5 at 6:34 a.m. PT: Added comment from Svakom.

It's Complicated: This is dating in the age of apps. Having fun yet? These stories get to the heart of the matter.

CNET Magazine: Check out a sampling of the stories you'll find in CNET's newsstand edition.