Hi-tech CHASTITY BELT for men could be remotely locked by hackers – and would have forced users to cut it off with a grinder
- The Chinese-made chastity belt connects to a smartphone app that controls it
- But a British-based research firm found a hack that could override these controls
- This meant that with the right data, hackers could tell the belt not to unlock
- Pen Test Partners told the sex-toy manufacturer Qiui in May of their discovery
A security flaw in a hi-tech chastity belt for men meant the device could be locked remotely by hackers and would have forced users to cut it off with a grinder.
The flaw also made it possible for hackers to remotely lock every device worldwide simultaneously.
A team of UK security professionals flagged the bug to Qiui, the Chinese developers of the app that controls the internet-linked sheath called the Cellmate Chastity Cage.
The developers have now fixed the bug in the sex toy’s app and have also published a manual workaround, which will be useful for anyone with the old version of the app still at risk of getting stuck.
Beforehand, with no manual override, anyone caught in such a predicament could have been forced to resort to brute force – at their own risk.
Buckingham-based cyber-security firm Pen Test Partners (PTP) have a track record for bringing quirky cyber-flaws to light, and have highlighted problems with sex toys in the past.
The firm said that their latest discovery demonstrated that developers behind ‘smart’ adult products still have lessons to learn.
‘The problem is that manufacturers of these other toys sometimes rush their products to market,’ Alex Lomas, a researcher at the firm, told the BBC.
‘Most times the problem is a disclosure of sensitive personal data, but in this case, you can get physically locked in.’
Chinese manufacturer Qiui released an update to the app, as well as a manual override for anyone who did become stuck, which involved breaking into the device.
The Cellmate Chastity Cage is sold online for about $190 (£145), and is advertised as a way for its users to give their partners control over access to their bodies.
It wirelessly connects to a smartphone via a Bluetooth signal, which is used to activate the device's lock-and-clamp mechanism.
In order to do this, however, the software must send commands to a computer server used by the manufacturer.
PTP said they found a way to trick the server into disclosing the registered name of each device owner and the coordinates of the locations from where the app has been used around the world.
Furthermore, they were able to reveal the unique code given to each device.
Using the unique code, the server could be told to ignore app requests to unlock any of the devices that have been identified, potentially leaving users locked in.
The research team alerted Qiui in May of the potential security risk, and while the Chinese firm updated the app and its server API, they still left an earlier version of the API online, leaving those with the older version at risk.
Qiui later told the research team that while they had tried to fix the issue, they had found it had created more problems.
Five months after first alerting the Chinese developers of the issue, PTP decided to go public with their discovery.
‘Given the trivial nature of finding some of these issues and that Qiui is working on another internal device, we felt compelled to publish,’ Mr Lomas said.
Based on the number of IDs that have been granted by its creator, PTP believes about 40,000 of the devices have been sold.