A $250-vibrator that comes with a camera has a hard-coded IP address that accepted blank admin credentials. An attacker can therefore easily access the devices Wi-Fi AP, which is configured as an access point. The AP name is also static, meaning someone could technically geolocate other users via a wardriving site like wigle.net. Pen Test Partners dumped the dildo’s root Linux filesystem, exposed the contents of /etc/passwd, and wrote themselves in as a root user. They then grepped for root after poking around on /bin/destruct.”]
Source: https://grahamcluley.com/smart-dildos-security-vulnerabilities-fulfill-every-hackers-fantasy/