Hackers are going to hack, especially when this kind of private data is vulnerable.
Graham Cluley explains:
A connectable dildo suffers from numerous vulnerabilities that make it trivial for attackers to steal users'... well, "private" data.
The "Siime Eye," which comes to us from Svakom, is aptly named in that it's a $250-vibrator that for some reason comes with... a camera.
All a user needs to do is turn on the device, connect to its AP (SSID: "Siime Eye") using the default password ("888888"), open the Android or iOS app, and "install" it. From there, they can view the livestream or take pictures and video.
Tantalizing, I know.
Turned on by other researchers' work involving smart sex toys, Pen Test Partners decided to examine Siime Eye. They quickly found a hard-coded IP address that accepted blank admin credentials. An attacker can therefore easily access the device's Wi-Fi AP, which is configured as an access point. The AP name is also static, meaning someone could technically geolocate other users via a wardriving site like wigle.net.
But that doesn't come close to the worst of it.