
Cellmate: Male Chastity Gadget Hack Could Lock Users In (bbc.com) 126

A security flaw in a hi-tech chastity belt for men made it possible for hackers to remotely lock all the devices in use simultaneously. The BBC reports: Qiui's Cellmate Chastity Cage is sold online for about $190 and is marketed as a way for owners to give a partner control over access to their body. Pen Test Partners believe about 40,000 devices have been sold based on the number of IDs that have been granted by its Guangdong-based creator. The cage wirelessly connects to a smartphone via a Bluetooth signal, which is used to trigger the device's lock-and-clamp mechanism. But to achieve this, the software relies on sending commands to a computer server used by the manufacturer.

The security researchers said they discovered a way to fool the server into disclosing the registered name of each device owner, among other personal details, as well as the co-ordinates of every location from where the app had been used. In addition, they said, they could reveal a unique code that had been assigned to each device. These could be used to make the server ignore app requests to unlock any of the identified chastity toys, they added, leaving wearers locked in.

The sex toy's app has been fixed by its Chinese developer after a team of UK security professionals flagged the bug. They have also published a workaround. This could be useful to anyone still using the old version of the app who finds themselves locked in as a result of an attacker making use of the revelation. Any other attempt to cut through the device's plastic body poses a risk of harm.

  • by Your Father ( 6755166 ) on Tuesday October 06, 2020 @03:23PM (#60578738)
    This is an unnecessary protective measure for anyone reading this post.
  • Why? (Score:4, Insightful)

    by thegarbz ( 1787294 ) on Tuesday October 06, 2020 @03:27PM (#60578746)

    Not why engage in explicit behaviour, but why risk a locking mechanism to complicated electronics? There are so many other ways around this. Hide the key somewhere in the house and give your partner the location if they've been good is an incredibly obvious way.

    No need to ask some Chinese server for permission.

    • Re:Why? (Score:4, Funny)

      by misexistentialist ( 1537887 ) on Tuesday October 06, 2020 @03:37PM (#60578820)
      I'd guess most of these guys are so pathetic they are paying a stranger online to control it
    • Re: (Score:2, Funny)

      by Anonymous Coward

      No need to ask some (Chinese) server for permission.

      The slogan we've been failing for the last 20 years of devices, hardware, software, and Appy Apps.

      Dear 2030: Enjoy having toilets that won't flush until they've authenticated.

      • by paugq ( 443696 )

        Dear 2030: Enjoy having toilets that won't flush until they've authenticated.

        Authenticated with your ass-print?

        • Yes, and performed a quick urinalysis to make sure you haven't consumed any beverages from an unapproved store that the smart toilet company doesn't get their 30% cut of.

          In the future everyone will be in either an Apple/Coca-Cola/Anheuser-Busch household or a Microsoft/Pepsi/Molson-Coors one, except for a few intrepid hackers who import a grey market Huawei Luminous Throne (motto: "In communist China, party's AI know what YOU had for lunch yesterday!") and jailbreak it.
    • Re:Why? (Score:4, Informative)

      by Mikkeles ( 698461 ) on Tuesday October 06, 2020 @04:28PM (#60579028)

      Why trust anything which can be done locally to using a remote server?

      • Because you can't connect your whatever gadget to your cellphone without it calling home to manufacturer server. Well, you could if you had IPv6, but you don't in most places so the devices can't work like that. Coincidentally, if the Chinese gadget maker decides they are done spending money to keep a product working, it stops working because the remote server goes offline.
        • by tlhIngan ( 30335 )

          Well, you could if you had IPv6

          How does IPv6 fix it? Just because everything and their dog has an IP address doesn't mean it's actually accessible. (You have obvious IPv6 addresses like link-local which don't cross a router, for example).

          If you're implying that because everything has an IP address anything can connect to it, have we forgotten things like firewalls? Hell, you'd think for something like this, you'd probably want to firewall it well to prevent hacks if it didn't need a cloud service.

          • > have we forgotten things like firewalls?

            Because it has a routable IP address, you can use the firewall to *decide* to make it accessible from the internet or not. Rather than relying on some accidents that are sometimes happy accidents, sometimes not so happy. If you want it accessible, it is. If you want it blocked, it's blocked.

            Versus NAT where it can be tricky to get it working right if you want it accessible, and only slightly more tricky for me to get to it if you didn't want it accessible. Which

          • Comment removed based on user account deletion
      • Wrong question. The question isn't whether to trust the remote server. It's whether you trust that server enough to forgo a local option completely.

        There's a difference between an internet connected chastity belt, and an internet connected chastity belt with physical key override.

    • Hide the key somewhere in the house

      For those really into this, the woman will wear the key like a locket. This way the man sees it all the time he's with her.

      Another way to wear it is on an anklet [keysandanklets.com].

      • I think you're missing the *remote* aspect here.
        You're also missing the emergency backup to something clamped on your cock aspect. ;-)

      • by Cederic ( 9623 )

        I'm fairly sure that most of those relationships fall foul of 'coercive control' clauses in domestic violence law.

        • by spth ( 5126797 )

          The law has limited reach here. When a couple wants to keep the law out of their relationship, even these days they are mostly able to do so.

          Society might disapprove, but as long as no third person knows (and thus no information reaches authorities), a lot can be done. The concept, in English usually known under the name "consensual non-consent" legitimizes illegal activities.

          E.g. marital rape is illegal these days (though decades ago it was to be not in many jurisdictions). But if both spouses keep their mo

          • by Cederic ( 9623 )

            Well, you've also got the Spanner case in the UK: http://www.spannertrust.org/do... [spannertrust.org]

            Obviously serious assault is different to non-violent coercion but it does set the precedent that consent is not always a defence against interpersonal crimes.

            • Ah, thanks for putting a name to the case. I knew of it, but didn't have a mental "hook" to hang it on. "Spanner" indeed. As in "the courts look like total spanners after that."
      • What reason do you have for thinking that there is a woman involved at any point in the ... experience?

        Oh. Narrow personal experiences. Oh well - that's one way to never find out what really floats your boat.

    • by adrn01 ( 103810 )
      Huh. All these years, I thought the "S" in "DDoS" meant "service"...
    • by rtb61 ( 674572 )

      How about, why use the device. I mean really, what is the idea, if there is no trust why be in a relationship. You can trust them with your life but you can not trust them with their bits. What is the device meant to represent a schizophrenic application of trust, so you value their genitals more than your own life and want them to share that value with you. It would all be so much easier if they sold orgasmo as an inhaler, "Orgasmo, full cerebral stimulation, with none of the scruffiness, during or after,

      • I mean really, what is the idea, if there is no trust why be in a relationship.

        Err you have the completely wrong idea about BDSM, a literal medieval view of it. Playing with chastity devices is not about lack of trust by one partner, it's about complete trust by the other partner to give complete control to their dom.

        • by spth ( 5126797 )

          You're wrong about the word "literal" here. Medieval chastity belts are most likely a later-day invention:

          There is very little evidence of chastity belts having been used in medieval times. "Medieval" chastity belts on display in museums have mostly been proven to be 19th-century forgeries (like many "medieval" torture devices).

          If interested in the details, see e.g. the book "The Medieval Chastity Belt - A Myth-Making Process" by Albrecht Classen or the journal article "Der Keuschheitsgürtel, Phantasi

          • There you go, the more you learn :-) I guess Robin Hood - Men in Tights is not a reliable history account :)

    • In any case the hardened steel shackle is actually made of Chinesium, so you can cut it with a pair of nail clippers.
  • Part of their plan to pinch this to the state for use in the system.

    • by Tablizer ( 95088 )

      You mean "pitch"? A cringe-worthy Freudian slip.

      I ignored my best instincts to stay out of this topic.

          Click-Bait: 1, Me: -1

  • Most painful title ever

  • by mspohr ( 589790 ) on Tuesday October 06, 2020 @03:56PM (#60578910)

    We should all take note that this exploit was found by Pen Test Partners... exploring new avenues for Penetration Testing.

    • We should all take note that this exploit was found by Pen Test Partners... exploring new avenues for Penetration Testing.

      Ironically telling people how to lock away others so they are no longer capable of penetrating anything.

  • This "chastity belt" is a novelty - not any sort of effective lock. I am willing to bet I could escape from one of these in 5 minutes with a rock, and very low likelihood of damaging myself.

    I am not willing to spend $69.59 on eBay (new) or $149.39 on Amazon (also new) to test this theory and become internet-famous.

    • by Pascoea ( 968200 )

      I am willing to bet I could escape from one of these in 5 minutes with a rock

      You're a braver man than I.

      • by gweihir ( 88907 )

        I am willing to bet I could escape from one of these in 5 minutes with a rock

        You're a braver man than I.

        More likely he is just pretty stupid and full of himself. The design looks like you can break it easily with adequate tools. As long as there is no sensitive other equipment in the vicinity, that is. A rock is about the last tool you would use to try to break some sturdy plastic in that area.

    • I invented the opposite: the Promiscuity Belt. Beta test isn't working so well, despite being set to 11.

  • I told you homeboy (You can't touch this)
    Yeah, that's how we livin' and ya know (You can't touch this)
    Look in my eyes, man (You can't touch this)

    P.S. Someone had to say it ....

  • by cpt kangarooski ( 3773 ) on Tuesday October 06, 2020 @04:43PM (#60579062) Homepage

    Hacking that sounds like a real dick move.

    • I can imagine the emergency call

      "Hello? fire department? I have a bit of an...erm...um...emergency..."

      • by gweihir ( 88907 )

        It will not be the worst thing they have seen. Or the most stupid. Trust me on that. Humans are very inventive in doing it to themselves.

        • Men (typically teenaged, but sometimes older) turn up at the emergency room regularly with wounds to the crotch caused by "vacuuming the bedroom in the nude". Or so a former flatmate's girlfriend informed us after first meeting such a case on one weekend shift in A&E.
  • Qiui's Cellmate Chastity Cage

    Holy shit! I almost searched for that on Google just to see what it was.

    Last thing I need are oddball sex toy ads popping up on every site I go to.

    It's bad enough they probably have all my IDs tied together from other data mining and will be adding it anyway just because I posted in this thread.

  • by nospam007 ( 722110 ) * on Tuesday October 06, 2020 @05:03PM (#60579138)

    ...the jokes write themselves.

  • Guangdong (Score:5, Funny)

    by Hognoxious ( 631665 ) on Tuesday October 06, 2020 @05:05PM (#60579148) Homepage Journal

    Guangdong. Huh huh huh. Heh heh heh.

  • by labnet ( 457441 ) on Tuesday October 06, 2020 @05:42PM (#60579242)

    I first thought Huh? then How? then Why? ... back to my safe bubble...

  • by t4eXanadu ( 143668 ) on Tuesday October 06, 2020 @05:51PM (#60579276)

    I wonder if some of the wearers of this device wouldn't necessarily mind it. That's really giving up control.

  • They really are not all that concerned that if it is hacked, there will be some significant pain involved in removing the hacked device.

  • They should have posted their results before Locktober began. There may be a few guys in lockup for longer than they had thought they'd be....
  • by Malays2 bowman ( 6656916 ) on Tuesday October 06, 2020 @08:23PM (#60579592)

    A device to lock down a man's ding dong with a path to the internet?

    Sure! There is no way this could go wrong...

    • by gweihir ( 88907 )

      I pity the folks trying to make a living writing satirical stories. They do not stand a chance against actual reality these days.

      • by spth ( 5126797 )

        I remember reading something very similar to your comment: "Und vergiss nicht, dein Job ist es, ihm immer ein paar Nasenlängen voraus zu sein!" or so (don't have the actual source at hand, and it is apparently not on the internet), which is German for something along the lines "And don't forget: Your job is to always be a few nose-lengths ahead of him".

        That text was underneath a political cartoon by Haitzinger showing an artist on a bike with a huge ink-brush on his shoulder at the start line of a race.

    • by spth ( 5126797 )

      To many people control via a phone app via some server who-knows-where is just the way remote controls operate these days.

      There are plenty of people with various smart home devices from Alexa to heating controls, etc. I guess the vast majority of users won't even bother to flash alternative firmware to take the manufacturer cloud out of the chain.

      In the end I guess that is a question of benefit/risk assessment. And in the case of this particular device, the one making the decision might often not be the one t

  • I guess some ER people and some firefighters will get experience in how to cut these things off without cutting off anything else...

    In other news, a significant part of the human race continues to be abysmally stupid.

    • by dcw3 ( 649211 )

      I dated an ER nurse many years ago. She told me they'd removed quite a variety of objects from every hole imaginable.

      I also had an older coworker who was renting a room in my townhouse, who one night came to ask me to take him to the ER. Seems he was bleeding from his groin...I never asked why.

  • by dcw3 ( 649211 ) on Tuesday October 06, 2020 @10:49PM (#60579848) Journal

    They've been telling us for years that the Chinese would have us by the balls, and now it's actually happened.

  • It isn't nearly as sexy if it's private and secure.

    What's hot about it if it can't be randomly and permanently locked by a stranger? That's right, not one damn thing.
