As we described on a recent episode of the “Smashing Security” podcast, serious security flaws in the API of a so-called “smart” chastity lock meant that men could find their umm.. personal equipment permanently inaccessible.
It’s what you might call a cock-up lock-up.
The Bluetooth Qiui Cellmate attaches itself to a man’s penis, allowing a remote partner to lock up your proverbials if they think you don’t deserve to use them for a while.
And with no umm.. manual over-ride, you could find your pickle in a right pickle if an unauthorised third party exploits the flaws to lock the cage without your permission. The device is built from a mixture of polycarbonate and toughened steel, so removal is non-trivial and might involve taking an angle grinder or bolt cutters to a delicate part of your anatomy.
The fine fellows at Pen Test Partners, who first uncovered the flaw and attempted to convince Qiui to fix their product, produced a video with an alternative way to override the lock, which involved prising open a circuit board on the Cellmate and applying a voltage to two wires to drive a motor to unlock the sex toy.
Notably, the video demonstrates the technique with a Qiui Cellmate which is not currently attached to someone’s penis. I suspect that makes things a little less fiddly.
Personally I wouldn’t be keen to either have an angle grinder near my nuts or to apply an electrical charge anywhere in their vicinity, but then I (hopefully) wouldn’t be found wearing one of these gadgets in the first place.
No, still not rushing to experiment with that either…
And before you think the threat of a malicious party locking someone else’s cock lock without permission is overhyped, it appears some owners have been receiving threats demanding a ransom be paid…
— 貞操奴隷 (@teisoudorei_000) October 8, 2020
For more discussion of this latest IoT security disaster, be sure to listen to the latest “Smashing Security” podcast: