Jump directly to the content
LOCKDOWN LOINS

‘Smart’ chastity devices could be hacked – trapping a man’s PENIS inside metal cage

A BUG in a "smart" chastity belt for men left users at risk of having their genitals permanently locked in the gadget.

The flaw exposed the gonad-pinching gizmo to hackers who could have controlled it remotely without the user knowing.

The Cellmate sex toy is billed as the 'world’s first app controlled chastity device'
3
The Cellmate sex toy is billed as the 'world’s first app controlled chastity device'

It was spotted by researchers at Brit cyber security firm Pen Test Partners, who published their in a blog post on Monday.

Dubbed the Qiui Cellmate, the sex toy is billed as the "world’s first app controlled chastity device" and is reportedly used by tens of thousands of people across the globe.

The wearer's todger is placed inside a metal tube which can then be locked or freed from a ring that sits at the base of the genitals.

By connecting the toy to a phone via Bluetooth, a partner can control it with the push of a button on a connected app.

The raunchy device is reportedly used by tens of thousands of people across the globe
3
The raunchy device is reportedly used by tens of thousands of people across the globeCredit: Qiui

However, a major security hole unearthed by Pen Test Partners meant hackers could have taken control of someone's device instead.

"Remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device" researcher Alex Lomas said.

"There is no physical unlock. An angle grinder or other suitable heavy tool would be required to cut the wearer free."

The flaw found was linked to the smartphone app that connects to the Cellmate, Alex said.

The flaw found was linked to the smartphone app that connects to the Qiui Cellmate
3
The flaw found was linked to the smartphone app that connects to the Qiui CellmateCredit: Qiui

The app communicates with the sex toy's lock using an API, a piece of software that allows two bits of tech to talk to one another.

However, Qiui, the China-based firm behind the toy, did not ensure the API was secured with a username and password, exposing it to almost anyone.

Alex said an attacker could easily lock “everyone in or out” in an instant.

"There is no emergency override function either, so if you’re locked in there’s no way out," he wrote.

How to stay safe from hackers

  • Protect your devices and networks by keeping them up to date: use the latest supported versions, use anti-virus and scan regularly to guard against known malware threats.
  • Use multi-factor authentication to reduce the impact of password compromises.
  • Tell staff how to report suspected phishing emails, and ensure they feel confident to do so, investigate their reports promptly and thoroughly.
  • Set up a security monitoring capability so you are collecting the data that will be needed to analyse network intrusions
  • Prevent and detect lateral movement in your organisation’s networks.

It's not known if anyone exploited the vulnerability, which also surrendered access to the private messages and the location of users.

Qiui was informed of the flaw in June, but by August had still not fixed it.

Pen Trust Partners said the decision to make the bug public was made after Qiui repeatedly missed self-imposed deadlines to sort it out.

“This reinforced our decision to publish: clearly others were likely to find these issues independent of us, so the public interest case was made in our minds,” Alex wrote.

Holly Willoughby shocked by The Inseminator who fathered 150 children with random women behind their partners' backs

Most read in Phones & Gadgets

Secret iPhone 'extreme' mode is so powerful Apple says most people never need it
MODE RED!

Secret iPhone 'extreme' mode is so powerful Apple says most people never need it

I stayed in London tech hotel with £30,000 massage bed but best bit was in loo
TECH A TRIP!

I stayed in London tech hotel with £30,000 massage bed but best bit was in loo

Secret iPhone tricks instantly solve two common problems, Apple fans reveal
TAP IDEA!

Secret iPhone tricks instantly solve two common problems, Apple fans reveal

Google reveals money-saving Boxing Day 'fridge trick' for millions of Brits
GOOG THINKING

Google reveals money-saving Boxing Day 'fridge trick' for millions of Brits

In other news, a major Instagram bug lets hackers snoop on you through your phone.

Scammers are using Google Alerts to send out links to malware.

READ MORE SUN STORIES

noel arrival

Lisa Armstrong's Xmas joy as she introduces baby boy as new addition to family

keys to success

Love Island's Matilda reveals 'new chapter' weeks after Towie romance

And, Windows 10 users are being told to update their PC to escape an 'Eternal Darkness' flaw.

Are you worried about your cyber security? Let us know in the comments!

We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]

Topics
YOU MIGHT LIKE
RECOMMENDED FOR YOU
MORE FOR YOU