A security flaw in an Internet-connected male chastity device could allow hackers to remotely lock it — leaving users trapped, researchers have said.
The Cellmate, produced by Chinese firm Qiui, is a cover that clamps on the base of the male genitals with a hardened steel ring, and does not have a physical key or manual override.
The locking mechanism is controlled with a smartphone app via Bluetooth — marketed as both an anti-cheating and a submission sex play device — but security researchers have found multiple flaws that leave it vulnerable to hacking.
“We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device. There is no physical unlock,” British security firm Pen Test Partners (PTP) said on Tuesday. “An angle grinder or other suitable heavy tool would be required to cut the wearer free.”
The firm also found other security flaws in the Cellmate — listed for US$189 on Qiui’s Web site — that could expose sensitive user information such as names, telephone numbers, birthdays and location data.
“It wouldn’t take an attacker more than a couple of days to exfiltrate the entire user database and use it for blackmail or phishing,” PTP’s Alex Lomas wrote in the report on the device.
“A number of countries have oppressive laws that may expose users of these types of devices to unwarranted interest from law enforcement and bigots,” Lomas wrote.
Qiui did not immediately respond to a request for comment.
PTP said it reached out to Qiui in April, identifying the flaws.
Qiui fixed most of the issues by updating the software, but left the older version active and its users still vulnerable, PTP said, adding that other researchers had found similar issues.
Such smart sex toys and devices are among the wave of new “Internet of things” products and appliances introduced in the past few years that are online and capable of being operated remotely.
Their connectivity has also made them vulnerable to security breaches and privacy violations.
The Canadian maker of a smart vibrator agreed to a multimillion-dollar settlement in 2017 after it was sued for collecting sensitive user information, though it did not admit any wrongdoing.
James Watson — the Nobel laureate co-credited with the pivotal discovery of DNA’s double-helix structure, but whose career was later tainted by his repeated racist remarks — has died, his former lab said on Friday. He was 97. The eminent biologist died on Thursday in hospice care on Long Island in New York, announced the Cold Spring Harbor Laboratory, where he was based for much of his career. Watson became among the 20th century’s most storied scientists for his 1953 breakthrough discovery of the double helix with researcher partner Francis Crick. Along with Crick and Maurice Wilkins, he shared the
OUTRAGE: The former strongman was accused of corruption and responsibility for the killings of hundreds of thousands of political opponents during his time in office Indonesia yesterday awarded the title of national hero to late president Suharto, provoking outrage from rights groups who said the move was an attempt to whitewash decades of human rights abuses and corruption that took place during his 32 years in power. Suharto was a US ally during the Cold War who presided over decades of authoritarian rule, during which up to 1 million political opponents were killed, until he was toppled by protests in 1998. He was one of 10 people recognized by Indonesian President Prabowo Subianto in a televised ceremony held at the presidential palace in Jakarta to mark National
US President Donald Trump handed Hungarian Prime Minister Viktor Orban a one-year exemption from sanctions for buying Russian oil and gas after the close right-wing allies held a chummy White House meeting on Friday. Trump slapped sanctions on Moscow’s two largest oil companies last month after losing patience with Russian President Vladimir Putin over his refusal to end the nearly four-year-old invasion of Ukraine. However, while Trump has pushed other European countries to stop buying oil that he says funds Moscow’s war machine, Orban used his first trip to the White House since Trump’s return to power to push for
LANDMARK: After first meeting Trump in Riyadh in May, al-Sharaa’s visit to the White House today would be the first by a Syrian leader since the country’s independence Syrian President Ahmed al-Sharaa arrived in the US on Saturday for a landmark official visit, his country’s state news agency SANA reported, a day after Washington removed him from a terrorism blacklist. Sharaa, whose rebel forces ousted long-time former Syrian president Bashar al-Assad late last year, is due to meet US President Donald Trump at the White House today. It is the first such visit by a Syrian president since the country’s independence in 1946, according to analysts. The interim leader met Trump for the first time in Riyadh during the US president’s regional tour in May. US envoy to Syria Tom Barrack earlier
RSS