A security flaw in an Internet-connected male chastity device could allow hackers to remotely lock it — leaving users trapped, researchers have said.
The Cellmate, produced by Chinese firm Qiui, is a cover that clamps on the base of the male genitals with a hardened steel ring, and does not have a physical key or manual override.
The locking mechanism is controlled with a smartphone app via Bluetooth — marketed as both an anti-cheating and a submission sex play device — but security researchers have found multiple flaws that leave it vulnerable to hacking.
“We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device. There is no physical unlock,” British security firm Pen Test Partners (PTP) said on Tuesday. “An angle grinder or other suitable heavy tool would be required to cut the wearer free.”
The firm also found other security flaws in the Cellmate — listed for US$189 on Qiui’s Web site — that could expose sensitive user information such as names, telephone numbers, birthdays and location data.
“It wouldn’t take an attacker more than a couple of days to exfiltrate the entire user database and use it for blackmail or phishing,” PTP’s Alex Lomas wrote in the report on the device.
“A number of countries have oppressive laws that may expose users of these types of devices to unwarranted interest from law enforcement and bigots,” Lomas wrote.
Qiui did not immediately respond to a request for comment.
PTP said it reached out to Qiui in April, identifying the flaws.
Qiui fixed most of the issues by updating the software, but left the older version active and its users still vulnerable, PTP said, adding that other researchers had found similar issues.
Such smart sex toys and devices are among the wave of new “Internet of things” products and appliances introduced in the past few years that are online and capable of being operated remotely.
Their connectivity has also made them vulnerable to security breaches and privacy violations.
The Canadian maker of a smart vibrator agreed to a multimillion-dollar settlement in 2017 after it was sued for collecting sensitive user information, though it did not admit any wrongdoing.
VAGUE: The criteria of the amnesty remain unclear, but it would cover political violence from 1999 to today, and those convicted of murder or drug trafficking would not qualify Venezuelan Acting President Delcy Rodriguez on Friday announced an amnesty bill that could lead to the release of hundreds of prisoners, including opposition leaders, journalists and human rights activists detained for political reasons. The measure had long been sought by the US-backed opposition. It is the latest concession Rodriguez has made since taking the reins of the country on Jan. 3 after the brazen seizure of then-Venezuelan president Nicolas Maduro. Rodriguez told a gathering of justices, magistrates, ministers, military brass and other government leaders that the ruling party-controlled Venezuelan National Assembly would take up the bill with urgency. Rodriguez also announced the shutdown
Chinese President Xi Jinping’s (習近平) purge of his most senior general is driven by his effort to both secure “total control” of his military and root out corruption, US Ambassador to China David Perdue said told Bloomberg Television yesterday. The probe into Zhang Youxia (張又俠), Xi’s second-in-command, announced over the weekend, is a “major development,” Perdue said, citing the family connections the vice chair of China’s apex military commission has with Xi. Chinese authorities said Zhang was being investigated for suspected serious discipline and law violations, without disclosing further details. “I take him at his word that there’s a corruption effort under
China executed 11 people linked to Myanmar criminal gangs, including “key members” of telecom scam operations, state media reported yesterday, as Beijing toughens its response to the sprawling, transnational industry. Fraud compounds where scammers lure Internet users into fake romantic relationships and cryptocurrency investments have flourished across Southeast Asia, including in Myanmar. Initially largely targeting Chinese speakers, the criminal groups behind the compounds have expanded operations into multiple languages to steal from victims around the world. Those conducting the scams are sometimes willing con artists, and other times trafficked foreign nationals forced to work. In the past few years, Beijing has stepped up cooperation
The dramatic US operation that deposed Venezuelan president Nicolas Maduro this month might have left North Korean leader Kim Jong-un feeling he was also vulnerable to “decapitation,” a former Pyongyang envoy to Havana said. Lee Il-kyu — who served as Pyongyang’s political counselor in Cuba from 2019 until 2023 — said that Washington’s lightning extraction in Caracas was a worst-case scenario for his former boss. “Kim must have felt that a so-called decapitation operation is actually possible,” said Lee, who now works for a state-backed think tank in Seoul. North Korea’s leadership has long accused Washington of seeking to remove it from power
RSS