from the another-day-another-IoT-problem dept.
Cellmate: Male chastity gadget hack could lock users in:
A security flaw in a hi-tech chastity belt for men made it possible for hackers to remotely lock all the devices in use simultaneously.
The internet-linked sheath has no manual override, so owners might have been faced with the prospect of having to use a grinder or bolt cutter to free themselves from its metal clamp.
The sex toy's app has been fixed by its Chinese developer after a team of UK security professionals flagged the bug.
This could be useful to anyone still using the old version of the app who finds themselves locked in as a result of an attacker making use of the revelation.
Any other attempt to cut through the device's plastic body poses a risk of harm.
[...] The security researchers said they discovered a way to fool the server into disclosing the registered name of each device owner, among other personal details, as well as the co-ordinates of every location from where the app had been used.
In addition, they said, they could reveal a unique code that had been assigned to each device.
These could be used to make the server ignore app requests to unlock any of the identified chastity toys, they added, leaving wearers locked in.
Also at The Verge and gizmodo.
Related Stories
TechDirt: Not Even Your 'Smart' Jacuzzi Is Safe From The Internet Of Broken Things
The Internet of things — aka the tendency to bring Internet connectivity to devices whether they need them or not — has provided no shortage of both tragedy and comedy. "Smart" locks that are easy to bypass, "smart" fridges that leak your email credentials, or even "smart" barbies that spy on toddlers are all pretty much par for the course in an industry with lax privacy and security standards.
Even your traditional hot tub isn't immune from the stupidity. Hot tub vendor SmartTub thought it might be nice to control your hot tub from your phone (because walking to the tub and quickly turning a dial is clearly too much to ask).
But like so many IOT vendors more interested in the marketing potential than the reality, they allegedly implemented it without including basic levels of security standards for their website administration panel, allowing hackers to access and control hot tubs, all over the planet. And not just SmartTub brands, but numerous brands from numerous manufacturers, everywhere [. . . .]
For those who need reminders, let us not forget prior SN (horror) stories:
- IoT Pet feeders that stop feeding pets
- Peloton treadmills
- Insteon smart home lighting and other controls
- Smart male chastity devices that won't unlock, need metal grinder to remove
Fantastical News Everyone! Remember an earlier SN article about CELLMATE, a male chastity device that got hacked and would not unlock your hardware? Well, now the maker of that IoT device says it's now totally safe to put your equipment into their device once again! They promise! This time for sure! Nothing could go wrong!
While we've covered the Internet of Broken Things for some time, where companies fail to secure the devices they sell which connect to the internet, the entire genre sort of jumped the shark in October of last year. That's when Qiui, a Chinese company, was found to have sold a penis chastity lock that communicates with an API that was wide open and sans any password protection. The end result is that users of a device that locks up their private parts could enjoy those private parts entirely at the pleasure of nefarious third parties. Qiui pushed out a fix to the API... but didn't do so for existing users, only new devices. Why? Well, the company stated that pushing it out to existing devices would again cause them to all lock up, with no override available. Understandably, there wasn't a whole lot of interest in the company's devices at that point.
But fear not, target market for penis chastity locks! Qiui says it's now totally safe to use the product again!
Since this device uses a proprietary API, there is still the issue of Vendor Lock In to be concerned about.
(Score: 5, Insightful) by Rosco P. Coltrane on Wednesday October 07 2020, @10:19AM (19 children)
But here buyers of that thing are even stupider: why on Earth would anyone lock and their genitals and give the (virtual) key to a bunch of Chinese half the world away?
(Score: 5, Funny) by Mojibake Tengu on Wednesday October 07 2020, @10:39AM (1 child)
Just wait until this toy become compulsory in jail industry and military.
My bet is on Amazon employees will be first.
Rust programming language offends both my Intelligence and my Spirit.
(Score: 2, Funny) by Anonymous Coward on Wednesday October 07 2020, @02:30PM
The chastity belt won't matter- Amazon will always find a way to fuck people.
(Score: 4, Touché) by zocalo on Wednesday October 07 2020, @12:07PM
Maybe because they're Uighurs, and that's what they've been "re-educated" to do? Also, compared to forced sterilization, it's probably a better option come to think of it.
FYI, the BBC's coverage [bbc.com] of this includes a map. There actually are quite a lot of Chinese users, but also quite high adoption right across Europe, the more urban areas of the US and Australia, then a smattering elsewhere. Can't speak for China, but the rest are basically all places where you tend to find people with First World Problems, which might be a clue as to who the typical users are.
UNIX? They're not even circumcised! Savages!
(Score: 2) by leon_the_cat on Wednesday October 07 2020, @12:30PM (3 children)
Have you tried asking Joe Biden?
(Score: 0) by Anonymous Coward on Wednesday October 07 2020, @01:45PM
i tried. nobody was home.
(Score: 2) by DannyB on Wednesday October 07 2020, @03:11PM (1 child)
No pets starved from this IoT failure.
Santa/Satan maintains a database and does double verification of it.
(Score: 0) by Anonymous Coward on Wednesday October 07 2020, @03:36PM
Faithful dogs get their JUNK BURNT OFF.
(Score: 3, Interesting) by epitaxial on Wednesday October 07 2020, @01:39PM (4 children)
There are some really cheap (like $5) IoT lighting controllers that run via wifi and of course connect to Chinese servers to function. The name escapes me but you can reflash their firmware with an open source version and run a server locally.
(Score: 0) by Anonymous Coward on Wednesday October 07 2020, @02:55PM (3 children)
How about a fucking switch ? Has it become too complicated nowadays to get off your sorry ass and flip a switch a couple of times a day ?
Fucking IoT bullshit. And people wonder why they die from heart attacks at 35.
(Score: 2) by epitaxial on Wednesday October 07 2020, @06:19PM (1 child)
Calm down and drink your metamucil.
(Score: 0) by Anonymous Coward on Wednesday October 07 2020, @06:34PM
Keep your cage on, slave. You're going to make love to my foot with your tongue until I get bored with you.
(Score: 1) by khallow on Wednesday October 07 2020, @06:40PM
Fuck that. Push the button to flip the switch. No one shall challenge my command of the couch!
(Score: 3, Insightful) by ikanreed on Wednesday October 07 2020, @01:52PM
What part of "Weird sex thing" do you not understand?
(Score: 3, Informative) by DannyB on Wednesday October 07 2020, @02:01PM (3 children)
Why would anyone run Windows 10?
Why would anyone use an IoT pet feeder?
Why would anyone put control of all the devices in their home under IoT control?
Why would anyone trust all of their documents and personal information to the cloud?
Clue this chastity belt article is about: Digital Liberty -- protecting your bits from Vendor Lock In.
Santa/Satan maintains a database and does double verification of it.
(Score: 0) by Anonymous Coward on Wednesday October 07 2020, @03:24PM (2 children)
because it comes on 99% of computers by default? because they got upgraded to it dishonestly?
(Score: 0) by Anonymous Coward on Thursday October 08 2020, @03:43AM (1 child)
People lack imagination. There are still ISOs available for every version of Windows, as well as many distros of Linux and BSD.
(Score: 0) by Anonymous Coward on Monday October 12 2020, @08:33AM
the average PC user doesn't have the knowhow to figure out how to download and burn an ISO, let alone install Linux
(Score: -1, Troll) by Anonymous Coward on Wednesday October 07 2020, @02:05PM
Get with it. It is the New Normal to enforce social distancing for the Pandemic. Don't you believe the Scientists?
(Score: 2) by Tork on Wednesday October 07 2020, @07:11PM
Can we all just agree that around here this is purely an academic discussion?
🏳️🌈 Proud Ally 🏳️🌈
(Score: 2) by Snotnose on Wednesday October 07 2020, @11:06AM (2 children)
Hundreds of hackers around the world are trying to find and exploit this bug just for the LOLs.
It's just a fact of life that people with brains the size of grapes have mouths the size of watermelons. -- Aunty Acid
(Score: 5, Funny) by Rosco P. Coltrane on Wednesday October 07 2020, @12:03PM (1 child)
For real lulz, disable the device and send the owner a box of Viagra-laced chocolates, courtesy of Qiui.
(Score: 3, Insightful) by Anonymous Coward on Wednesday October 07 2020, @01:36PM
Then demand ransom money to get the thing off .... a new form of ransomeware?
(Score: 1) by RandomFactor on Wednesday October 07 2020, @12:11PM (4 children)
It's for the LOLis
В «Правде» нет известий, в «Известиях» нет правды
(Score: 2) by DannyB on Wednesday October 07 2020, @02:02PM (2 children)
The real lulz is that in order to free your digital bits, you have to cut the plastic part of the device apart, and then touch a battery to a specific set of contacts that will energize the motor. (see article)
Santa/Satan maintains a database and does double verification of it.
(Score: 2) by DannyB on Wednesday October 07 2020, @02:14PM (1 child)
Santa/Satan maintains a database and does double verification of it.
(Score: 0) by Anonymous Coward on Wednesday October 07 2020, @07:27PM
Not incorrect, just Pommie-speak.
(Score: 4, Funny) by DannyB on Wednesday October 07 2020, @02:31PM
I would be worried about anyone who can think of the children when their bits are in an IoT metal clamp.
Santa/Satan maintains a database and does double verification of it.
(Score: 2) by Immerman on Wednesday October 07 2020, @01:42PM (19 children)
They call this thing a sex toy? Really? I get that there's a little trouble in forcing it into a classification group, but isn't the whole point of a chastity belt to prevent someone you don't trust from engaging in sex play?
I suppose everyone has their kinks though.
(Score: 4, Insightful) by ikanreed on Wednesday October 07 2020, @01:55PM (5 children)
No, it's a weird sex thing. Under the general umbrella of power and control fetishes, I guess.
(Score: 2) by DannyB on Wednesday October 07 2020, @02:16PM (4 children)
No. This clearly falls under the umbrella of IoT fetishes. Like having other IoT devices. This is just one of that fetish category.
Santa/Satan maintains a database and does double verification of it.
(Score: 2) by ikanreed on Wednesday October 07 2020, @02:52PM (3 children)
I mean, IoT possession is deep down the masochism hole.
(Score: 3, Funny) by DannyB on Wednesday October 07 2020, @03:09PM (2 children)
Would systemd fall under the masochism umbrella? (or "hole"?)
Santa/Satan maintains a database and does double verification of it.
(Score: 2) by ikanreed on Wednesday October 07 2020, @05:08PM (1 child)
I'll mix my metaphors as I please.
(Score: 2) by Runaway1956 on Thursday October 08 2020, @03:46AM
Metaphors are like a box of chocolates - probably not attributed to Forrest Gump.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 2) by DannyB on Wednesday October 07 2020, @02:15PM (12 children)
Anything that requires using: "grinder or bolt cutter to free themselves from its metal clamp" would definitely qualify as a toy.
Santa/Satan maintains a database and does double verification of it.
(Score: 3, Funny) by Immerman on Wednesday October 07 2020, @02:34PM (11 children)
Wouldn't be much of a chastity belt if you could open it with a screwdriver.
(Score: 2) by DannyB on Wednesday October 07 2020, @02:50PM (10 children)
Since when are chastity belts for males?
(ducks, hides under desk)
Santa/Satan maintains a database and does double verification of it.
(Score: 2, Disagree) by Immerman on Wednesday October 07 2020, @04:03PM (8 children)
Since they started making the CellMate at least.
Not many places where men have been historically considered property, so I doubt there's been much historical demand.
(Score: 0) by Anonymous Coward on Wednesday October 07 2020, @06:00PM (7 children)
You're so wrong... They've existed for a long time, just like men submitting to women have existed for a long time, even in the days of men generally thinking they were the superior half of God's creation.
In addition, in Victorian "any and all sex is evil unless for procreation within a marriage" times, these things - well, let's say conceptually similar things - were used to control certain "unhealthy tendencies" of teenage boys. I've seen Victorian era ads promoting male chastity belts for that very purpose. Not that difficult to find on the net either. Of course, nowadays such an ad will already be labeled kiddie p0rn by some people.
(Score: 2) by Immerman on Wednesday October 07 2020, @07:52PM (6 children)
Oh, care to offer a concrete example? There haven't been that many matriarchal societies since history began being recorded (and claims about prehistoric societies are almost always dubious reconstructions from scant evidence), and I can't think of a single one that went so far as to consider men to be property.
Good point about children though, here have been a few Puritan-esque societies that went overboard against anything sexual.
(Score: 1, Informative) by Anonymous Coward on Wednesday October 07 2020, @08:07PM (5 children)
I was not referring to matriarchal societies, but to individual men in any society.
(Score: 2) by Immerman on Wednesday October 07 2020, @08:52PM (4 children)
Okay.
That's mostly incompatible with being considered property though, children aside. Property does not have the option of leaving a relationship they're unhappy with. Everything else is either roleplaying or illegal slavery.
(Score: 2) by Runaway1956 on Thursday October 08 2020, @03:48AM (2 children)
Just a couple of words that may or may not cause you to question your position:
Eunuch and catamite.
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 2) by Immerman on Thursday October 08 2020, @04:09PM (1 child)
I should have been more specific that I meant men-as-a-class, rather than individual men. Traditionally chastity belts existed to preserve the "purity" of female wards until they were sold/married off, or to ensure faithfulness without trust. Men as a class have never (so far as I know) been particularly valued for their "purity", and rarely in a position where their faithfulness mattered to anyone with the power to impose it. And slaves... I've never heard stories of them being so "preserved" - if for some reason you wanted to ensure they didn't do anything you were likely to make them a eunuch - cheaper and more reliable, though with a modest risk of death. Though I suppose there might have been the occasional powerful women that wanted to ensure nobody else played with their toy.
(Score: 0) by Anonymous Coward on Monday October 12 2020, @08:30AM
AC was totally moving the goalposts
"men have been submissive in society before"
"what? when?"
"oh no I meant individual men. thus basically negating my entire argument"
(Score: 1, Interesting) by Anonymous Coward on Thursday October 08 2020, @03:43PM
Illegal slavery? What about the legal slavery that was the norm worldwide until the last few hundred years?
(Score: 0) by Anonymous Coward on Wednesday October 07 2020, @07:33PM
For quite a long time. This [lovense.com] will give you some context.
Oh, and welcome to today's 10,000 [xkcd.com].
(Score: 3, Funny) by cmdrklarg on Wednesday October 07 2020, @03:24PM
Chastity belts, who needs 'em? I can be chaste without silly devices. My unattractiveness takes care of that!
*walks away muttering*
The world is full of kings and queens who blind your eyes and steal your dreams.
(Score: 3, Insightful) by tangomargarine on Wednesday October 07 2020, @03:28PM
Anybody who voluntarily bought an IoT thing that can be locked onto their genitals kind of deserves whatever happens to them.
Bonus Darwin Award points for being something that already specifically prevents you from passing on your genes.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 0) by Anonymous Coward on Wednesday October 07 2020, @04:19PM
Mistakes were made!
themoreyouknow.gif
(Score: 0, Disagree) by Anonymous Coward on Wednesday October 07 2020, @05:35PM (4 children)
How about a separate section for articles like this one?
(Score: 0) by Anonymous Coward on Wednesday October 07 2020, @06:01PM
This is just a run-of-the-mill cybersexcurity story.
(Score: 0) by Anonymous Coward on Wednesday October 07 2020, @08:36PM
Betteridge says no.
(Score: 2, Insightful) by anubi on Thursday October 08 2020, @12:05AM (1 child)
I am one of the submitters of this story.
I considered this. A lot. Before submitting. NSFW kind of thing. Yp
I began to see the allegory to us adopting us willingly inserting our allegorical nuts into the same paradigm... The cloud.... Javascript... "Automatic" updates out of our control, willfully accepting ignorance of the code we run in our machine.
I can't help but see high ranking military types, all dressed up in fancy uniform, decorated with all sorts of whatnot, being entertained with displays of hundreds of Marines twirling their guns, while the technical infrastructure of an entire nation lays vulnerable to those who know the words " open sesame".
To me, this whole story is not much more than an allegory to the paradigm to accept what is offered, and willingly submit. Leadership calls this being a "team player". I have another name for it. Stand up to it and be like me. Unemployed.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by Runaway1956 on Thursday October 08 2020, @03:57AM
I passed by TFA once before submitting. Saw it again, and decided, "What the hell, we need a bit of levity now and then." And, I'm laughing at the "victims", not with them.
“I have become friends with many school shooters” - Tampon Tim Walz