SoylentNews is people

Cellmate: Male chastity gadget hack could lock users in

Accepted submission by DannyB at 2020-10-06 19:56:56 from the another-day-another-IoT-problem dept.
Digital Liberty

Cellmate: Male chastity gadget hack could lock users in [bbc.com]

A security flaw in a hi-tech chastity belt for men made it possible for hackers to remotely lock all the devices in use simultaneously.

The internet-linked sheath has no manual override, so owners might have been faced with the prospect of having to use a grinder or bolt cutter to free themselves from its metal clamp.

The sex toy's app has been fixed by its Chinese developer after a team of UK security professionals flagged the bug.

They have also published a workaround. (see below)

This could be useful to anyone still using the old version of the app who finds themselves locked in as a result of an attacker making use of the revelation.

Any other attempt to cut through the device's plastic body poses a risk of harm.

From image of pried open device circuit board:

The workaround involves prising (sic) open the circuit board and pressing batteries against two of the wires to trigger a motor

[ . . . ] "The problem is that manufacturers of these other toys sometimes rush their products to market," commented Alex Lomas, a researcher at the firm.

"Most times the problem is a disclosure of sensitive personal data, but in this case, you can get physically locked in."

[ . . . ] The cage wirelessly connects to a smartphone via a Bluetooth signal, which is used to trigger the device's lock-and-clamp mechanism.

But to achieve this, the software relies on sending commands to a computer server used by the manufacturer.

The security researchers said they discovered a way to fool the server into disclosing the registered name of each device owner, among other personal details, as well as the co-ordinates of every location from where the app had been used.

In addition, they said, they could reveal a unique code that had been assigned to each device.

These could be used to make the server ignore app requests to unlock any of the identified chastity toys, they added, leaving wearers locked in.

Digital Liberty seemed to be the appropriate topic for this one.

Manual Override? Nobody needs their manual to be overridden.

No pets starved from this IoT failure.

