back to article High-heeled hacker builds pen-test kit into her skyscraper shoes

A Chinese hardware hacker has hidden a penetration-testing toolkit into her high-heeled shoes. The Wi-Fi-popping platforms were forged in a 3D printer, and contain compartments to smuggle hacking hardware past strict security checks in data centres and the like, and later retrieved. The hacker and pen-tester, who goes by the …

  1. Sampler

    Being a fairly big bloke, size 13 shoes could come in handy for building a male version, afterall the steel toecapped safety boots it's common for IT staff to wear are rather bulky looking to start with.

    (though saved one foot when a colleague dropped a HP 4550 Color LaserJet on it - last time I gave him a hand with a two man lift)

    Fake sole that detached could stash all this gear in and a bit more. Admittedly I don't have the upper body distraction she has (those are wonderful big brown eyes) but then I do look like I spend every day in a datacentre and not out of place/need to be monitored.

    1. g00se

      TV hack

      Admittedly I don't have the upper body distraction she has

      You might consider sticking with the female shoe version, and leave the designer stubble for added effect. That will provide a distraction of a different kind

    2. Charles Manning

      "Admittedly I don't have the upper body distraction she has"

      Well I do have moobs that would compete with hers.

      Unfortunately that just causes people to avert their eyes and makes them look at my shoes.

  2. Robert Helpmann??

    What Next?

    I have to turn my phone off and leave it in a locker before coming to work. When my employers see this article, I guess I will have to do the same with my shoes. What's next? Ban all clothing?

    1. getHandle

      Re: What Next?

      Ban all clothing and bend over ;-)

      1. David Austin

        Re: What Next?

        I did some contract work at a chicken farm: To get in there required a "Poop Stick" test to check for salmonella, stripping off for a chemical shower, then putting company issued (And pool) Underwear on, then donning a disposable boiler suit.

        Needless to say, after the first time, I always sent the office junior up for that job.

        1. Danny 14

          Re: What Next?

          David, similar for me but at an automated food production line. They made ready meals for airlines (near the Scottish borders). Wasn't fun but there weren't many people who worked on the lines.

    2. Mark 85

      Re: What Next?

      Soon enough, datacenters and airlines.. same security. Could make one either not go work or begin to make you come in early depending on your co-workers.

      I think I'll stop now before I end up on the "moderated drooling idiot" list.

    3. Admiral Grace Hopper

      Re: What Next?

      If they ban clothing at my place of work I'm leaving. Imagining my colleagues naked has just given me The Fear.

      1. J.G.Harston Silver badge

        Re: What Next?

        Standard protection against puppetmasters. ;)

  3. Khaptain Silver badge

    What pen-test kit

    What shoes, ah now I see them, I was busy looking at the rest of the kit for a moment or two...

    Mon dieu, that brightened me up from what was otherwise a very grey, damp and dull tram ride into work.

  4. The Vociferous Time Waster



    1. Frumious Bandersnatch

      Re: Huh?


      Taking a line from The IT Crowd, yes, "THE SHOES!" I wonder if this is where the hacker got her idea that men don't notice them?

  5. Alister

    Frankly, if she walked into a datacentre, there's no way she'd be able to carry out any hacking, 'cos she'd be followed everywhere by a pack of drooling techies...

    1. Elmer Phud


      No need, yer average techies would be fighting each other to do what she asks them to.

      She knows that the Bulgarian Airbags are a distraction and a useful part of her hacking kit.

    2. Grikath


      If she'd walk into a datacenter ( or any security-sensitive outfit for that matter) like that, she'd immedeately be tagged as highly suspicious, and I'd, for one, start looking for what she's supposed to divert attention from, including the shoes. The MaleBait is too obvious, especially if she's unaccompanied, and not acting like Adornment/Secretary (yes... Asia.. different culture.. unknot your panties..).

      Call me a suspicious bastard, but if it's Too Good To Be True, etc. And any fool that falls for it would reap the fruits of the shortsightedness of his Other Brain.

      1. martinusher Silver badge

        Re: bait...

        Women who do practical jobs tend to have clothing suitable for those jobs so they'd turn up (for example) at a data center wearing plain, practical, and above all, comfortable kit. If you met the same person in a social setting you may not recognize her until she spoke to you.

        The only women who actively dress up for work in an engineering workplace are typically in sales type roles where their job requires them to be (as my mother would say) 'tarted up'. My daughter used to get a lot of these reps when she was working in Texas, they'd be trolling the local companies selling supplies and the like but as she said "it was a bit wasted on her" (but I suppose there was some innate solidarity -- after all, a girl has to make a living...).

  6. Arachnoid

    Given the size of a small mobile

    Even in that dress one could have hidden a device or two or made a decorative belt type device with the Ariel around the waist.All very James Bondish but hardly new the OSS were hiding stuff in shoes during WWII.

    1. Allan George Dyer

      Re: Given the size of a small mobile

      Be fair, the OSS never hid an entire computer in a belt-buckle or even a shoe.

      1. YetAnotherLocksmith Silver badge

        Re: Given the size of a small mobile

        She herself admits she is standing on the shoulders of giants. It's a cool thing to do, amazing from the perspective of even just 10 years ago, but today? Literally anyone competent can do this in a few days at their local hackspace, for under £100.

        The pace of change is stunning.

        1. Sir Runcible Spoon

          Re: Given the size of a small mobile

          "The pace of change is stunning."

          'May you live in interesting times.'

          1. TimeMaster T

            Re: Given the size of a small mobile

            'May you live in interesting times.'

            I've never been sure if that was meant as a blessing or a curse

            1. h4rm0ny

              Re: Given the size of a small mobile

              >>I've never been sure if that was meant as a blessing or a curse

              Generally meant as a curse. It is alleged to be the reply Confucious gave to a student who moaned about finding themselves living in a peaceful society instead of the interesting times they read about in history. But that is probably a later invention. All we really know is that it was supposed to be a Chinese curse by the British.

            2. Tcat

              I've never been sure if that was meant as a blessing or a curse


        2. Ian Watkinson

          Re: Given the size of a small mobile

          Yes but they are not say, look I'm a Women, I did this, and I will help you do it.

          Or if they are, then they need better advertising...

    2. JLV

      Re: Given the size of a small mobile

      Am guessing the shoes are also below scanner level, unlike belts. It's why airport checks have you take them off, but security can't do that elsewhere.

  7. Anonymous Coward
    Anonymous Coward


    This uses the Modesty Blaise "stunner"


    to deflect the attention and get the advantage

  8. J.G.Harston Silver badge

    Is that her in the picture? She looks deformed.

    1. Elmer Phud

      Silicon Valley

      "Edit: Normally I have to sort though about 50% identical replies to my posts on Reddit. For those flexing their fingers and getting ready to give me a hard time: Yes, they are fake. Yes, I feature them prominently and deliberately in everything I do. No, most of my projects do not have all that much technical merit- they are 90% silicone and 10% silicon ;-) No, if you point out the absolutely obvious no one will think you are insightful, edgy or cool. They will think you are 12. "

      1. J.G.Harston Silver badge

        Re: Silicon Valley

        Maybe I'm weird, but I don't find women who look like they're desperate for breast reduction surgery visually attractive. And how did any of these plastic surgeons manage to get their degrees? Have any of them actually *seen* a real human breast?

        1. Peter Simpson 1

          Re: Silicon Valley

          Looks more like Silicone Valley in this case...

          1. RobZee

            Re: Silicon Valley

            Self-mutilation, all in the name of attention seeking. The most extreme form of Histrionic Personality Disorder.

        2. SexyCyborg

          Re: Silicon Valley

          >I don't find women who look like they're desperate for breast reduction surgery visually attractive.

          It might come as a shock. But it's not about you. Sometimes we do things for ourselves. Crazy, I know.

          1. h4rm0ny
            Thumb Up

            Re: Silicon Valley

            >>"It might come as a shock. But it's not about you. Sometimes we do things for ourselves. Crazy, I know."

            Hey. Welcome to The Register! I found your article fun. Building your own hacking kit into high-heels is pretty cool. Please ignore the troll - I think some people just enjoy feeling superior by looking down on what others like / choose. If your looks make some people underestimate your technical skills because they are stuck on some "geek" image of programmer, that's an advantage to you! :)

            I like that your shoes will pass under many metal detectors at doorways, btw.

          2. J.G.Harston Silver badge

            Re: Silicon Valley

            Well, I've always said that any adult is fully at liberty to do/have done to their body whatever they want, but you also have to acknowledge and take on the responsibility for any damage it causes to bodily function and any resultant the societal "oddness" of sticking out from the crowd.

            I live in Whitby. You'd blend into the background here during Goth Weeks.

            1. x 7

              Re: Silicon Valley

              "I live in Whitby"

              I hate to think of the size of the explosion if a vampire bit her implants......

    2. h4rm0ny
      Paris Hilton

      >>Is that her in the picture? She looks deformed

      I think there should be a rule that anyone posting physical criticisms of people in an article should be required to accompany it with a recent photo of themself. Similarly dressed, for fairness.

      1. Ben Tasker

        I think there should be a rule that anyone posting physical criticisms of people in an article should be required to accompany it with a recent photo of themself. Similarly dressed, for fairness.

        I quite like that idea, but does it recurse?

        I.e. if OP had included a picture of himself in heels and a tight dress, and I wanted to criticise his appearance would I need to go wardrobe raiding too?

        Also, fair to say that if the missus caught me dressed like that, "I wanted to comment on a news article" probably wouldn't work as an excuse :D

        It's an impressive little project, I can think of places I've been where it probably wouldn't work, but I can also think of quite a few where it would

        1. h4rm0ny

          >>"I quite like that idea, but does it recurse? I.e. if OP had included a picture of himself in heels and a tight dress, and I wanted to criticise his appearance would I need to go wardrobe raiding too?"

          Yes, it's turtlesblack mini-dresses all the way down.

          1. Brewster's Angle Grinder Silver badge

            "Yes, it's turtlesblack mini-dresses all the way down."

            The point of a minidress is it doesn't go all the way down.

  9. Chozo

    Any data centre with locks that can be opened by those tools deserves to be pwned.

    1. Danny 14

      yeah, normally you have to type 2580 (or occasionally 1379) on the doorlock

      1. Anonymous Coward
        Anonymous Coward

        or 8008135...

        1. Anonymous Coward
          Anonymous Coward

          7175 is shorter...

        2. J.G.Harston Silver badge

          The post is required, and must contain letters.


    2. Blank Reg

      I've defeated datacenter locks with a coat hanger when the card scanner wasn't letting me in. Much faster than waiting for security to fix their screwup.

    3. Dr Dan Holdsworth
      Black Helicopters

      Yes, it is entirely possible to get much, much smaller, more compact lock picking tools that will do the same as the stuff she was waving around there. However if the owners of a datacentre are serious, they will not be using the frankly laughable rubbish that the likes of Masterlock are selling, but will (like my employer) be using Abloy locks.

      Abloy make locks which are not susceptible to shimming, nor to simple pin-lifting tricks. They can be opened, of course, but the quick way tends to be rather SOE and very noisy.

      It is also worth noting that any data centre worthy of being called secure will not permit anything with an unknown MAC address to send any packets at all, and very likely simply will not have any internal wifi network, simply to remove this attack vector. On a similar line, this pen tester wouldn't be allowed in simply because her footwear doesn't meet the international safety standards.

      Still, nice trick to smuggle in tools, and some rather nice silicone on view, too (I'm only human...).

      1. Brad Ackerman
        Black Helicopters

        Not X10s, then?

      2. PNGuinn

        Data Centre Security @ Dr Dan Holdsworth

        Yeah, agreed. Every data centre SHOULD be as secure physically as it is digitally.

        In practice, however, ....

        I'd be interested if commentards would post (as AC of course) some details of the type of security they actually face in their day to day work, and, as vaguely as necessary, some idea of the nature of the data behind the locks.

        Is most of the effort directed to preventing digital intrusion from outside, ignoring the obvious that if you have physical access.....?

        1. Anonymous Coward
          Anonymous Coward

          Re: Data Centre Security @ Dr Dan Holdsworth

          some details of the type of security they actually face in their day to day work

          Usually there is a VPN access - it costs money (taxi, time) to get into the physical data centre - especially for the in-sourced 3-rd world support, and usually the shared(!) VPN password is never changed. On campus there will be one or more special VLAN's that route traffic to the "Machine Room".

          People will run HP-ILO et. cetera on that to configure machines, or VmWare tools. I assume that VmWare is popular because the license costs alone will put the CTO on the board, next to Human Resources (who shouldn't be on the board either).

          Usually there is SSH login to the machines on the special VLAN, often via a Jump-Box (a machine inside the DMZ that can connect "out" through the firewall), in the typical Free Pizza, Coke & Games IT-shop this SSH passwords will be shared and never change - it is too much work to update LDAP every time another student joins or leaves.

  10. Anonymous Coward
    Anonymous Coward

    There's a penetration testing joke here somewhere but I think I'll avoid it.

    1. Danny 14

      yeah I know! What noob takes physical lockpicks to a datacentre! <snort>!

    2. Anonymous C0ward

      Yeah, you might get a virus.

  11. Matthew 17

    Very James Bond

    The devices did seem a bit over sized, it's not going to be subtle to use.

    1. James O'Shea

      Re: Very James Bond

      <cough> Mr. Bond is notoriously a blunt instrument. </cough>

  12. Anonymous Coward
    Anonymous Coward

    "Penetration testing"

    fnaar fnaar

  13. Grifter

    Somewhat prude?

    Your link to her imgur is titled "in a post (somewhat NFSW)", aside from the typo, why is her imgur page not safe for work? There's no nudity, there's no sex, there's nothing unsafe except for some power and machine tools. Maybe you've been locked up in a basement too long Mr Pauli, but outside there are women, and they *gasp* do stuff. While looking like women. This is 2015, so no need to be a prude =)

    1. Anonymous Coward
      Anonymous Coward

      Re: Somewhat prude?

      I could see a number of women I've worked with at the very least making snide remarks.

      Better safe than sorry.

      1. Anonymous Coward
        Anonymous Coward

        Re: Somewhat prude?

        "I could see a number of women I've worked with at the very least making snide remarks."

        Perhaps the answer is to get them to read the whole article because she's actually making a lot of very good points about security which many managements simply can't imagine. Their idea of a "hacker" seems to be an unwashed bloke in a T-shirt with an incomprehensible message on the front. The pictures of the young lady doing stuff with tools and IT gear might make them think.

        Especially as rumour has it that on the West Coast there are an awful lot of nubile Chinese women whose primary employer is the Government of the People's Republic of China. There have been enough reports of them getting invited to parties and being found in home offices putting USB sticks into secured laptops and the like that you would have thought that the threat would have been taken seriously long ago. But seemingly not. Because the brogrammer culture assumes that women are technically incapable.

    2. ssharwood

      Re: Somewhat prude?

      Readers sometimes tell us they like a NSFW flag because they want to know when they should exercise caution before reading a story at work. It's not prurience or a moral judgement but a little warning in case readers feel this kind of image might be inappropriate in their workplace.

    3. Reghack Pauli

      Re: Somewhat prude?

      Just being cautious. For added fun, click here Imgur name and check out here review on 3D body scanner printer things. That is legit NSFW.

  14. Rafael 1

    Mildly nsfw?

    I love it how the "mildly nsfw" bit was just below the picture -- it took me half an hour to notice it.

    The picture, of course, can't be unseen.

  15. orb8

    She's obviously pretty good at single pin picking too considering she only needs one rake.

    1. codejunky Silver badge

      @ orb8

      Personally I find single pin picking easier than the rake. Probably a technique thing but I find it far more hit and miss with a rake

    2. SexyCyborg

      At least someone noticed:-) SPP FTW

      1. x 7

        we definitely noticed! Nice to have you with us.

  16. BinkyTheMagicPaperclip Silver badge


    However, I do echo the comments of the poster above that her choice of outfit raises alarm bells. It's not exactly standard office wear, is it?

    It's a fair point that she dresses to distract and has no other space to store equipment, but a viable alternative is still being moderately distracting, but using a more modest outfit (better to hide equipment) . Bra storage is also significant if you've got sufficient frontage, and less likely to be searched - a router might be stretching things, but a mobile phone isn't.

    1. Frumious Bandersnatch

      Re: Clever..

      she dresses to distract and has no other space to store equipment


      1. Anonymous Coward
        Anonymous Coward

        Re: Clever..

        She dresses like she's gearing up for her next sexual harassment compensation claim in the hope that nobody will dare look at her too intently.

        This is why you need mixed security staff.

      2. Chika

        Re: Clever..

        "Give her a body cavity search. Go deep and hard..." - Paraphrased from Beavis & Butthead Do America

  17. Steve Evans

    Holy shamoly...

    Sorry, all coherent brain function has just failed...

    Thank God I'm not in charge of door locks!

  18. Anonymous Coward
    Anonymous Coward

    Sorry, what was the article about....?

    Did someone write something...?

  19. Bota

    "Hey John...

    someone in reception needs to have a tour of the server room. She's from..can't remember..I'll just send her in"

    Quite the irony of her coming to my work to try and get backdoor access. Great minds and all that.

  20. Anonymous Coward
    Anonymous Coward

    Not sure how it's NSFW given that it's a girl in a dress.

    However the body scanning article on the other hand....

    1. Steve Evans


      "I'm inordinately proud of the amount of plastic required to support my boobs :-D"

      She's knows exactly what she's doing... VERY DANGEROUS! DO NOT APPROACH!

      1. P. Lee



        May explode at high altitude!

  21. Michael H.F. Wilkinson Silver badge

    A kind of SEP-field, maybe

    By making something EXTRA VISIBLE her shoes become Someone Else's Problem, and they are therefore invisible

  22. Rick Giles


    can someone tell me what the article was about? I can't seem to read past the photos...

  23. theOtherJT Silver badge

    If you let people into sensitive parts of your building unaccompanied...

    ...then you deserve whatever you get, frankly. If you don't work here then you don't get an access card that gets you into the server room and someone has to accompany you at all times. Hell, if you DO work here you probably don't get one of those. We only have 6 of them and that's one for each of the 5 IT staff and one "all access" pass kept in the break-glass-in-emergency thing for the fire department that sets off all the alarms if it's opened.

  24. El_Fev

    The first picture has been photoshopped, the second hasn't where you can see her normal chest size. Why if the reg posting an obvious photoshopped picture?

  25. L05ER

    Cover: Blown.

    That distraction wont work now that EVERYONE knows the top heavy Asian is a pen-tester.

    1. Steve Evans

      Re: Cover: Blown.

      Gives a great excuse though... "Sorry dear, we know who you are... You must understand you can't be allowed in the building with any clothing or footwear."

  26. x 7

    "sexy cyborg goes pentesting"

    with her dressed like that I'm sure that was supposed to read "sexy cyborg goes penistesting"......mind you it could bring a whole new meaning to "penetration testing"

  27. rainjay

    Blade runner

    So that means Shenzhen is full of dodgy plastic surgeons, just like 2019 LA?

    I like the idea of warwalking with a credit card-sized pocket router and thin battery pack in your shoe. Would be an interesting toy to use at a Starbucks or an airport...

  28. WikusVanDeMerwe

    Stilettos Only...

    Considering that this is DIY I wonder what (the proverbial) they can fit into the heel of a Stiletto...

  29. Anonymous Coward
    Anonymous Coward

    Do you want to get molested by the TSA?




    Because that's how you guarantee to get molested by the TSA.

  30. Scroticus Canis

    Optical Illusion?

    Is it just me or is the one on the right bigger?

    1. 404

      Re: Optical Illusion?

      That's what I said!

      lol... Danger! Danger Will Robinson!

      <arms flailing>

  31. .stu

    Just looked at her imgur profile, and I sure am glad I did that at work and not at home with the missus sat beside me on the sofa!

  32. J.G.Harston Silver badge

    She claims to be Chinese? I wouldn't have thought that from her appearance. Exactly what ethnic group is she underneath all that plastic surgery?

    1. SexyCyborg

      I'm Chinese. From Guangdong.

    2. This post has been deleted by its author

  33. Anonymous Coward
    Anonymous Coward

    Well I, for one

    welcome our new large-chested hacking overlords.

  34. DropBear

    To be fair though, those shoes could definitely use an Acetone vapor treatment - the "DIY" (specifically, "3D printed") aspect is a wee bit too glaring the way they are in those pics...

  35. illiad


    a new level of prudery, not a nipple in sight!!! as another poster said, safe enough for work, where your receptionist may be wearing similar, but not safe for you with wife looking.... :O

    They may have 'cleaned up' the link though... :P :(

    and yes, she looks like a Thai / Japanese mix...

  36. Fruit and Nutcase Silver badge
    IT Angle

    IT Angle

    I am struggling to see one.

  37. anoff


    Great, now we'll have to take off our shoes entering every 'secure' building, not just airports

  38. razorfishsl

    I suspect if she was actually any good as a 'hacker' she would have stripped the electronics out of the plastic cases, removed the stupid USB plug & sockets and hardwired the lot.

    thereby reducing down the size of the 'foot tanks' she built to house the kit.

    But dear god girl....... tone it down if you want to be taken seriously.....

    1. SexyCyborg

      >I suspect if she was actually any good as a ‘hacker'

      Clearly said I was not.

      >she would have stripped the electronics out of the plastic cases, removed the stupid USB plug & sockets and hardwired the lot.

      Oh yes bare circuit boards as a drop box or sticking out the back of a computer to log keystrokes. Totally inconspicuous in an office LOL

      >But dear god girl....... tone it down if you want to be taken seriously…..

      I’m a programmer. I earn my respect behind a keyboard. Looking the part is playing on "easy mode”.

      1. J.G.Harston Silver badge

        The stereotypical male programmer is a straggly-haired troll in mucky t-shirt and torn jeans, who is invisible to customers behind his keyboard. Do they get told: get a haircut you scruff if you want your coding taken seriously?

  39. x 7

    looks like she always wears the same underwear (NSFW)

    however that LED-illuminated dress looks a fun idea for a girlfriend who likes to go commando

    1. h4rm0ny

      >>"however that LED-illuminated dress looks a fun idea for a girlfriend who likes to go commando"

      Or actually an effective defence against perverts trying to take up-skirt photographs.

  40. BrendHart

    Looks like she will freeze to death in any decent server room on the planet.

  41. tempemeaty
    Thumb Up

    SexyCyborg's skirt of illumiation?

    SexyCyborg sure is a busy lady. I thought her illuminated skirt was innovative too.

  42. jeremy996

    I'm impressed. The problem with so much technology is its usefulness depends on someone finding an application a bystander understands. The analysis and solution works rather well; the best spy boots since From Russia with Love.

    If SexyCyborg turned up in the computer room at one of my old employers the place would stop completely. The drool would fuse the aircon as well. When I did security testing, the most useful outfit was a brown "cowcoat" over a dark blue three piece suit and a clipboard with half-completed 'official' forms on. (But that was in the days when people used to use a post-it on their screens with login and password).

  43. Michael Wojcik Silver badge

    Kids don't know their history

    All these posts, and not one mention of Thomas Bass' The Eudaemonic Pie? (Though to be fair I vaguely recall there was at least one edition under a different title, which I didn't look up and thus didn't search for.)

    It's the allegedly-true story of beating roulette using computers,1 and prominently features computers in shoes. This was around 25 years ago.

    Of course SexyCyborg's application and implementation are quite different, and I give her credit for an interesting project, an entertaining report of it (on her Imgur site), a healthy sense of humor, and an inclination to learn. I'd be overjoyed if all my students demonstrate those qualities (and to be fair some do).2

    1Roulette wheels will always be somewhat biased, and - the story claims - you can model a particular wheel given some data and predict winners with sufficient accuracy to give you an edge over the house. Haven't tried it m'self.

    2Yes, yes, feel free to make a joke about SC's other qualities here. I like pretty girls as much as the next person who likes pretty girls, but even if I weren't off the market I've always made a point of being entirely professional with my students. I've seen far too many of the sleazy professor type. And now I'd be much too old for the mostly traditional-age undergrads I occasionally teach anyway, even if I retain my unnatural youthful beauty.

    1. x 7

      Re: Kids don't know their history

      "even if I retain my unnatural youthful beauty."

      so you're another one from Whitby?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like