Posted on October 7, 2020 at 2:07 PM
A recent report has revealed that there is a vulnerability existing in internet-enabled male chastity devices that give hackers access into the gadget and locking users out.
The device was designed and developed by Chinese firm Qiui, to allow partners to lock and unlock each other’s genitals via the app.
The device was designed in a way that makes it very difficult to break into or dislodge without doing it through the app. It will require an angle grinder or bolt cutters to open the chastity cage, which could be risky for the wearer.
Also, the chastity cage doesn’t have a physical key or a manual override, which makes it even more difficult to break out.
However, cybersecurity firm Pen Test Partners confirm the app can be compromised due to multiple flaws that allow hackers to lock and unlock the devices remotely.
Techcrunch initially reported the vulnerability issue, and those who would want to purchase such a smart device have been warned to do proper research first.
Intimacy devices require better security
A security researcher at Pen Test Partners Alex Lomas pointed out that many IoT devices have issues with vulnerability, so it’s not a big surprise that a device like this also has issues.
“It isn’t tremendously unusual to find an issue like this in many IoT fields, and teledildonics is no real exception,” he said.
Lomas also revealed that they have found similar issues relating to vulnerability with different sex toy manufacturers over the years. With these issues, Lomas opined that manufacturers of intimate devices should provide better security protocols and platforms for their devices compared to other forms of IoT devices.
Device manufacturers not responsive
Even after the security researchers have informed the manufacturer of the device about the flaw, the company has not been upfront with a response. The Pen Test Partners revealed they initially revealed the flaw to Qiui in April. Although the company responded swiftly the first time, it hasn’t completely resolved the vulnerability and has since stopped responding to emails.
The vulnerability is a result of an API utilized for communication between the chastity device and its app. Apart from giving hackers complete control of the device remotely, they also gained access to vital information such as passwords and data. In June, the company tried fixing the vulnerability by updating the chastity cage app. However, users who have not applied the update are still susceptible.
Lomas tried to explain why Qiui has been a bit slow to completely fixing the app’s vulnerability. According to him, if the company provides fix to the old app completely, the security vulnerability will be fixed, but there is a high chance of locking out wearers who have not updated.
But when the original app version is left functional, the security flaw will be present while users can enjoy the older version of the app.
Security researchers have opined that there is no alternative to a solution that will protect users from cybercriminals who may take control of such a privacy device to punish users. Qiui has been advised to carry out a full update to the old app and migrate to the safer new app as soon as possible.
Pen Test researchers said after discussing with the company about the vulnerability and a possible fix to the bug, they and other researchers decided to take the discovery to the public. The idea is to get a more expanded view and a more complex solution.
The app faces so many issues
Based on the research conducted by Pen Test Partners, it seems the vulnerability issue of the Cellmate is not the only problem it has. The research shows there have been several complaints about the app from users who downloaded from Google Play Store and Apple’s App Store. Many of the customers complained that the app stops working at random.
With this vulnerability issue and other issues raised by customers, it’s clear the company has a lot of things to fix to restore confidence in its device.