Internet Of Broken Things Jumps The Shark With IoT Chastity Penis Lock That Can Be Hacked

from the the-lock-not-the-penis dept

Say it with me now: not each last item must be linked to the web. If we have discovered something via the myriad of posts we’ve got performed on the web of damaged issues, it is that far too many units that needn’t be internet-connected are as an alternative extensive open to safety flaws and connectivity-related flaws and outages. Pet feeders, so-called smart locks, healthcare devices: all examples of issues which have been damaged or damaged into due to their being linked to the web in wildly insecure manners.

But what if I advised you {that a} lack of fundamental safety might lead to a tool you purchased doubtlessly forcing you to have somebody come at your penis with an angle grinder? Well, if you happen to purchased a Cell Mate chastity lock, you should damn well be concerned.

U.Okay.-based safety agency Pen Test Partners  mentioned the flaw within the Qiui Cellmate internet-connected chastity lock, billed because the “world’s first app controlled chastity device,” might have allowed anybody to remotely and completely lock within the consumer’s penis.

The Cellmate chastity lock works by permitting a trusted accomplice to remotely lock and unlock the chamber over Bluetooth utilizing a cell app. That app communicates with the lock utilizing an API. But that API was left open and with out a password, permitting anybody to take full management of any consumer’s gadget. Because the chamber was designed to lock with a steel ring beneath the consumer’s penis, the researchers mentioned it might require the intervention of a heavy-duty bolt cutter or an angle grinder to free the consumer.

A researcher at — checks notes and chuckles — Pen Test Partners went on to say that somebody exploiting the password-less API might lock “everyone in or out” at will. With no strategy to override the chastity lock both, you would immediately trigger lots of people to be locked out of their very own genitalia. A extra good instance of how 2020 has 2020’d the world there couldn’t be.

It gest worse. This vulnerability has been recognized about since at the least June. Qiui, a Chinese firm, pushed out a brand new API for brand spanking new customers, however did not take away the API for current customers. Why? Well, as a result of doing so would trigger all current units to lock.

Qiui chief government Jake Guo advised TechCrunch {that a} repair would arrive in August, however that deadline got here and went. “We are a basement team,” he mentioned. In a follow-up e-mail explaining the dangers to customers, Guo mentioned: “When we fix it, it creates more problems.”

As somebody who owns a penis, I can guarantee you this isn’t what one desires to listen to relating to a big steel lock that determines after I can entry it. Nor do I like the thought of bolt-cutters. Or angle grinders. Or tube-smashers. Fine, I made that final one up.

As of this writing, that is all nonetheless an issue. Whether any malicious actor has used it to mess with individuals’s dangly bits has not been confirmed formally.

It’s not recognized if anybody maliciously exploited the weak API. Several consumer critiques of the app complained that the app had bugs that may trigger the gadget to remain locked.

So, a PSA: if you are going to lock your genitalia up in a small steel vault, be certain that it is not linked to the web.

Thank you for studying this Techdirt publish. With so many issues competing for everybody’s consideration as of late, we actually respect you giving us your time. We work onerous daily to place high quality content material on the market for our neighborhood.

Techdirt is likely one of the few remaining really unbiased media retailers. We don’t have a large company behind us, and we rely closely on our neighborhood to help us, in an age when advertisers are more and more tired of sponsoring small, unbiased websites — particularly a web site like ours that’s unwilling to tug punches in its reporting and evaluation.

While different web sites have resorted to paywalls, registration necessities, and more and more annoying/intrusive promoting, we’ve got at all times saved Techdirt open and obtainable to anybody. But with a view to proceed doing so, we need your support. We supply quite a lot of methods for our readers to help us, from direct donations to particular subscriptions and funky merchandise — and each little bit helps. Thank you.

–The Techdirt Team

Filed Under: chastity, hacked, hacking, internet connected, iot, security


Please enter your comment!
Please enter your name here