Taking a screwdriver to unlock your IoT sex toy is nuts

It’s what you might call a cock-up lock-up.

Graham Cluley
@gcluley

As we described on a recent episode of the “Smashing Security” podcast, serious security flaws in the API of a so-called “smart” chastity lock meant that men could find their umm.. personal equipment permanently inaccessible.

It’s what you might call a cock-up lock-up.

The Bluetooth Qiui Cellmate attaches itself to a man’s penis, allowing a remote partner to lock up your proverbials if they think you don’t deserve to use them for a while.

Sign up to our newsletter
Security news, advice, and tips.

And with no umm.. manual over-ride, you could find your pickle in a right pickle if an unauthorised third-party exploits the flaws to lock the cage without your permission. Built from a mixture of polycarbonate and toughened steel, removal is non-trivial and might involve taking an angle grinder or bolt cutters to a delicate part of your anatomy.

The fine fellows at Pen Test Partners, who first uncovered the flaw and attempted to convince Qiui to fix their product, produced a video with an alternative way to override the lock which involved prising open a circuit board on the Cellmate and applying a voltage to two wires to drive a motor to unlock the sex toy.

Notably, the video demonstrates the technique with a Qiui Cellmate which is not currently attached to someone’s penis. I suspect that makes things a little less fiddly.

Personally I wouldn’t be keen to either have an angle grinder near my nuts or to apply an electrical charge anywhere in their vicinity, but then I (hopefully) wouldn’t be found wearing one of these gadgets in the first place.

Inevitably, news of the security hole caught the media’s attention, and Qiui has now come forward with its own video demonstrating how the device can be opened with a screwdriver.

No, still not rushing to experiment with that either…

And before you think the threat of a malicious party locking someone else’s cock lock without permission is overhyped, it appears some owners have been receiving threats demanding a ransom be paid…

For more discussion of this latest IoT security disaster, be sure to listen to the latest “Smashing Security” podcast:

Smashing Security #199: 'A few tech cock-ups, and one cock lock-up'

Your browser does not support this audio element. https://aphid.fireside.fm/d/1437767933/dd3252a8-95c3-41f8-a8a0-9d5d2f9e0bc6/bbfd30dd-b4ee-4dfa-abd4-1d1ca991206b.mp3

Listen on Apple Podcasts | Google Podcasts | Pocket Casts | Spotify | Other... | RSS
More episodes...

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.