A "security flaw" has been discovered in a smart chastity belt for men that can be remotely controlled by connecting to a smartphone via Bluetooth. It turns out that you can prevent it from coming off.
Smart male chastity lock cock-up | Pen Test Partners
https://www.pentestpartners.com/security-blog/smart-male-chastity-lock-cock-up/
Locked In An Insecure Cage
https://internetofdon.gs/qiui-chastity-cage/
Internet-enabled male chastity cage can be remotely locked by hackers - The Verge
https://www.theverge.com/2020/10/6/21504019/internet-enabled-male-chastity-cage-cellmate-qiui-security-flaw-remotely-locked
The problem is a smart chastity belt called "Cellmate Chastity Cage" from sex toy maker Qiui.
As Qiui puts it, “We believe that the true chastity experience is one in which the wearer loses control over themselves.” It is designed not to come off unless controlled from. In addition, the waterproof and dustproof standard is IPX7, so you can take a shower while wearing it.
However, Pen Test Partners, a British security company, said that due to a flaw in the API used for communication between this Cellmate Chastity Cage and a smartphone app, it is possible for anyone other than the user to remotely control the Cellmate Chastity Cage. pointing out that it is possible.
Since the Cellmate Chastity Cage is designed to be fixed by passing the male genitals through a metal ring, in order to remove it without using the app, you can directly drive the motor built into the Cellmate Chastity Cage and use an electric You'll need to unlock it, or grind a metal ring very close to the "delicate and sensitive area," and Pen Test Partners says it's "extremely difficult to unlock a locked Cellmate Chastity Cage that won't come off." Dangerous."
You can see in the movie below where you actually hack the circuit of Cellmate Chastity Cage and directly drive the motor used for the lock.
CellMate Teardown-YouTube
Also, according to Pen Test Partners, all API endpoints only authenticate with a member code to make requests, and this member code is determined based on the date the user registered for the service. He said. Also, if you request a request using a friend code of only 6 digits, information such as the user's name, phone number, birthday, location information when registering the app, member code, and unencrypted user password can be retrieved. It seems that it is gone.
Qiui updated the app in June 2020 to fix the vulnerability, but users who haven't updated the app are still threatened with the "permanent risk of wearing a chastity belt." increase. Pen Test Partners sent Qiui a number of messages, but since June 2020, there has been no response and contact has been lost. In September 2020, he consulted with another security researcher who happened to notice the same vulnerability, which led to the release of this information.
Pen Test Partners said, ``This case shows that many sex toy makers are almost completely ignoring privacy and security,'' and said that the risk of personal information leakage is a real threat. They are warning that there is a high possibility that it will be exploited by attackers.
![Customized items for the new "Toyota Noah / Voxy" appear from Modellista [Tokyo Auto Salon 2022] [News]](https://website-google-hk.oss-cn-hongkong.aliyuncs.com/drawing/article_results_9/2022/3/28/2fb1fdedaad7536dd6271db30561f588_0.jpeg)
![[New Toyota Voxy (90 series)] Amplifies the characteristics of the aero body! A design that further enhances the power of the front mask! #Works direct custom deep layer 001](https://website-google-hk.oss-cn-hongkong.aliyuncs.com/drawing/article_results_9/2022/3/25/01568e2fbf021c0eaf7d013507c850a4_0.jpeg)
![[Toyota Noah / Voxy new model] Modellista releases various customized parts ... Actual vehicle exhibited at Tokyo Auto Salon](https://website-google-hk.oss-cn-hongkong.aliyuncs.com/drawing/article_results_9/2022/3/25/8268612c1e5941e62d3dfd07f8991b2f_0.jpeg)
