A wi-fi-enabled sex toy that features an in-built camera can be hacked, security researchers say.
Pen Test Partners, which tested the Siime Eye vibrator, said it was “trivial” to connect to its web interface.
This meant attackers could access intimate videos recorded by the device, as well as control other functions.
Svakom, the US firm that makes the toy, said updated versions of its software were “completely secure”.
According to firm’s website, the Siime Eye has a built-in micro camera and a hidden searchlight, which can be connected to a PC, tablet or mobile phone via wi-fi.
The firm says this allows users to “record and share” their experiences with a partner via “pictures or videos”.
But in a blog, Pen Test Partners showed how the device could be hacked.
It said someone within range of the device could access its video stream, either by working out the user’s password, or entering the manufacturer’s default password, 88888888, if it had not been changed.
Those with more advanced knowledge could gain “complete control” over operation of the device, Pen said.
“It’s trivial to connect to the access point (AP),” it said, “[and] if you can get onto the wireless AP, you’ll have instant access to everything on this web application.
“Oh, and being a wi-fi AP means you can find users too… This part surprised us the most.”
Pen Test said it had contacted Svakom several times about the issue since December but had not heard back.
A spokesperson for Svakom told the BBC there had only been vulnerabilities when using the toy with a laptop.
“We recommended our users to use the Siime Eye only on their smartphone,” they said.
“Moreover, in the instructions on the app and user manual it is clearly stated to change the password of the wi-fi to ensure privacy.”
They added: “We respect our customer’s privacy and our updated versions (more than one year old) of the Siime Eye App on both Google Play Store and Apple Store are completely secure.”
It comes weeks after Canadian firm Standard Innovation agreed to pay $3.75m (£3m) to settle privacy claims regarding some of its We-Vibe sex toys.
Some We-Vibe models collected intimate user data and sent it back to the manufacturer without the user’s consent.
Tech experts said the vibrator could also be hacked although Standard Innovation, which did not admit wrongdoing, said none of the devices’ data was accessed by outside parties.