Internet controlled chastity device


Post by Dave (imported) »

This ought to be a story about forced chastity...



Internet-enabled male chastity cage can be remotely locked by hackers

It’s the intended use case, just not the intended use..

The Qiui Cellmate Chastity Cage can be remotely locked using a mobile app, with no manual override.

A security flaw in an internet-enabled male chastity device allows hackers to remotely control the gadget and permanently lock in wearers, researchers disclosed today.

The Cellmate Chastity Cage, built by Chinese firm Qiui, lets users hand over access to their genitals to a partner who can lock and unlock the cage remotely using an app. But multiple flaws in the app’s design mean “anyone could remotely lock all devices and prevent users from releasing themselves,” according to UK security firm Pen Test Partners.


Even worse, as the chastity cage does not come with a manual override or physical key, locked-in users have few options to break out. One is to cut through the cage’s hardened steel shackle, an operation that would require bolt cutters or an angle grinder, and that is made trickier by the fact that the shackle in question is fastened tightly around the wearer’s testicles. The other, discovered by Pen Test Partners, is to overload the circuit board that controls the lock’s motor with three volts of electricity (around two AA batteries’ worth).

News of the security flaw was first reported by TechCrunch, and it suggests it’s worth doing your research before purchasing “smart” gadgets with more intimate use cases.

“It isn’t tremendously unusual to find an issue like this in many IoT fields, and teledildonics is no real exception,” security researcher Alex Lomas of Pen Test Partners told The Verge via direct message. “Both ourselves and other researchers have found similar issues over the years with different sex toy manufacturers. I do personally feel that the most intimate devices should be held to a higher standard however than maybe your lightbulbs.”

Past security flaws discovered in internet-enabled sex toys have let hackers potentially hijack live-streaming footage from a dildo and take control of Bluetooth-enabled butt plugs. You can see a video explaining the flaw from Pen Test Partners below:

In the case of the Cellmate Chastity Cage, the device’s manufacturers seem to have been unusually uncommunicative in responding to the flaw. Researchers at Pen Test Partners say they first disclosed the issue to Qiui in April and received a quick response, but the company didn’t fully solve the vulnerability and has since stopped responding to emails. We’ve contacted Qiui to find out more and will update this story if we hear back.

The flaws stem from an API used to communicate between the chastity cage and its mobile app. This not only allowed hackers to remotely control the device but also gain access to information, including location data and passwords. Qiui updated the chastity cage’s app in June to fix the flaw, but users who have not updated their app are still vulnerable.

As Lomas explains to The Verge, Qiui is in a bit of a bind. If it disables the old API completely, it will fix the security flaw but risk locking in users who haven’t updated the app. But by leaving the original API functional, older versions of the app will continue to work with the security flaw intact. Pen Test Partners says after talking with Qiui for months, it, and other independent researchers who discovered the same issues, has decided to go public to encourage a more complete fix. The company says its write-up of the flaw also obscures its exact nature to discourage hackers looking to take advantage of the problem.

As noted by TechCrunch, though, it seems this particular flaw is the least of the Cellmate’s problems. Reviews of the device’s mobile apps on Apple’s App Store and Google’s Play Store include many complaints from disappointed customers who say the app often stops working at random.


“The app stopped working completely after three days and I am stuck!” writes one user. “This is DANGEROUS software, do not lock yourself in!” Another one-star review reads: “App stopped opening after an update. This is terrifying given the amount of trust placed in it, and there’s no explanation on the website.” And a third complains: “My partner is locked up! This is ridiculous as still no idea if being fixed as no new replies from emailing. So dangerous! And scary! Given what the app controls it needs to be reliable.”

So what can people do to avoid this sort of security flaw when purchasing internet-enabled sex toys? Lomas says, unfortunately, there’s no guarantee when buying these products. “It’s very difficult, just by looking at a product or app, to tell whether it’s storing your data safely, or if they’re capturing verbose usage information and such,” he says. But a good start is to simply do your research before you buy.

“Hopefully some countries and states will start to introduce standards for IoT products in the future, but in the meantime have a search for ‘product name + vulnerability,’” says Lomas, “or take a look for pages that talk about security on the vendor’s website (and not just the old trope of ‘military grade encryption’!)”

Post by fhunter »

🙏😄

The 'S' in IoT is for 'security'. :D

PS. And the app update has a probability of bricking the device? Especially if the connection is disturbed? ;-)

PPS. Waaaay too close to home. I refuse to buy anything IoT, unless I built it myself, and have control over the servers. The story of that smart water heater that stopped working because a certain state agency blocked the whole IP address range of the cloud where the control servers were located is still fresh in my mind.

Post by Dave (imported) »

How about an advertising campaign where a dozen or so models get locked and left to suffer?

Post by fhunter »

Dave (imported) wrote: Thu Oct 08, 2020 6:09 pm How about an advertising campaign where a dozen or so models get locked and left to suffer?

Which were engineering samples that had a bug in them? I am in. Sounds exactly right.

I'd add another idea - company goes out of business or updates to a new model line... and intentionally bricks the old ones. Without checking if they were locked or not ;-) (well, that was intended, but you know, programmers, right?)

Post by fhunter »

Ohhh, and you can have another one - there is a hardware design flaw that.... well, causes the battery to catch fire in certain cases ;)

Post by Paolo »

I read this article this morning, and I'm still speechless.

Now that I've read FHunter's posts, I think my brain has gone blue-screen.

Post by TopManFL (imported) »

I'm thinking that a few chastity subs might look at this as a benefit to the product.

Maybe this is a WAD?

A million years ago when I worked for a computer company in the customer service and training department, we would report a problem. Sometimes we'd just get back, "WAD" as the answer. WAD stood for "Working As Designed".

Post by fhunter »

Oh dear god. I thought this was fiction. And I was just giving some fiction ideas.

Damn.... First Bluetooth-controlled vibrators where the app was sending "telemetry" (yes, this is newspeak for spying) somewhere.

Now this. 🤦

But then....

Hacking parking assist and brakes on a car via digital radio vulnerability - check.

Samsung 'accidentally' remotely bricking their Blu-ray players via an invalid update of telemetry parameters - check.

Older Tesla cars that ended up killing their flash storage, because updates took more and more space and write amplification happened.

Critical medical equipment that had remotely accessible holes giving full control (I am not kidding https://www.zdnet.com/article/mdhex-vul ... g-devices/ )

As expected.

I work in IT. And I no longer trust it. Way too much of it is done with a 'wham. bam. deploy to production' mindset.

Post by Paolo »

Oh man, this makes it even worse, FHunter!

Post by fhunter »

Actually, I'd add one more interesting idea... there was an article about a cutting-resistant meta-material that actually resisted a grinder pretty well.

https://www.nature.com/articles/s41598-020-65976-0

I just wonder 🙇, how well it will scale to a chastity cage ('our cages are angle-grinder-proof' sounds like a good advertisement). Then add previous elements...