Vulnerability lets an attacker remotely and permanently lock a Bluetooth-controlled smart chastity cage for men

A security flaw has been found in a smart chastity cage for men that is operated remotely from a smartphone over Bluetooth. If a malicious attacker takes control of the device, the wearer can be left unable to take it off again.

Smart male chastity lock cock-up | Pen Test Partners


Locked In An Insecure Cage

Internet-enabled male chastity cage can be remotely locked by hackers - The Verge

The device in question is a smart chastity cage called the 'Cellmate Chastity Cage', made by the sex toy manufacturer Qiui.

As Qiui puts it, 'I think the true chastity experience is to keep the wearer out of control.' Accordingly, the Cellmate Chastity Cage has no physical key and is locked and unlocked solely through the smartphone app, so that it is as hard as possible for the wearer to remove. It is also rated IPX7 for water resistance, so it can be worn in the shower.

However, the British security firm Pen Test Partners points out that a flaw in the API used for communication between the Cellmate Chastity Cage and the smartphone app allowed people other than the device's owner to control it remotely.

The Cellmate Chastity Cage locks onto a metal ring that is worn around the genitals, so removing it without the app means either driving the motor built into the device directly to release the electric lock, or cutting through the metal ring with a grinder right next to a 'delicate and sensitive area'. Pen Test Partners therefore warns that 'it is very dangerous' to free a Cellmate Chastity Cage that has been locked shut.

The following video shows Pen Test Partners opening up the Cellmate Chastity Cage's circuit board and driving the locking motor directly.

CellMate Teardown - YouTube

Pen Test Partners also reports that every API endpoint accepted a request on the strength of a 'member code' alone, and that this member code was derived from the date on which the user registered for the service, making it guessable. Worse, a request carrying nothing but a user's six-digit 'friend code' returned that user's name, phone number, date of birth, the location recorded when the app was registered, their member code and their password, unencrypted. Because the friend code has only a million possible values, the whole space can be walked to harvest every user's data.
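The two API failures described above, as an added example that is not part of the original article and is not Qiui's or Pen Test Partners' code. It models a constructed in-memory service in Python: the vulnerable handlers treat a caller-supplied member code as the only credential and hand back a full profile for a bare six-digit friend code, while the hardened handlers require a session issued after a password check, act only on the session holder's own device, cap friend lookups per session and return nothing beyond a display name. The user records, friend codes, the assumed 'YYYYMMDD plus three-digit sequence' member-code format and the LOOKUP_BUDGET cap are all constructed assumptions, not details of the real product.

```python
"""
Added example (not Qiui's or Pen Test Partners' code). A constructed in-memory
model of the two API flaws described in the article: every endpoint trusts a
caller-supplied member code derived from the registration date, and a bare
six-digit friend code returns a full profile, so the whole code space can be
walked. The hardened handlers show the missing checks. All records, codes,
the member-code format and the lookup budget are constructed assumptions.
"""
import hashlib
import hmac
import secrets

# Constructed user table. The vulnerable service stores the password in
# plaintext and hands it back in lookups, as the article reports.
USERS = {
    "20200114001": {"name": "alice", "phone": "+44 7700 900123",
                    "birthday": "1990-03-02", "location": "51.50,-0.12",
                    "friend_code": "483920", "password": "hunter2",
                    "device_locked": False},
    "20200114002": {"name": "bob", "phone": "+44 7700 900456",
                    "birthday": "1988-11-23", "location": "53.48,-2.24",
                    "friend_code": "017731", "password": "letmein",
                    "device_locked": False},
}
FRIEND_INDEX = {u["friend_code"]: m for m, u in USERS.items()}


# ---- vulnerable model: identifiers double as credentials -------------------

def vulnerable_profile(friend_code):
    """Full record for any six-digit code; no authentication at all."""
    member = FRIEND_INDEX.get(friend_code)
    if member is None:
        return None
    return dict(USERS[member], member_code=member)


def vulnerable_lock(member_code, lock):
    """Whoever supplies a valid member code controls that device."""
    if member_code not in USERS:
        return False
    USERS[member_code]["device_locked"] = lock
    return True


def candidate_member_codes(reg_date, max_seq=999):
    """Assumed format: YYYYMMDD + 3-digit sequence. With a known or guessed
    registration date an attacker needs at most ~1000 tries per day."""
    return [f"{reg_date}{seq:03d}" for seq in range(1, max_seq + 1)]


def enumerate_friend_codes(lookup):
    """Walk all 10**6 six-digit codes; every non-None answer is a leaked profile."""
    hits = {}
    for n in range(1_000_000):
        code = f"{n:06d}"
        record = lookup(code)
        if record is not None:
            hits[code] = record
    return hits


# ---- hardened model: authenticate, authorize, minimise, rate-limit ---------

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Salted hashes replace the plaintext column (built from USERS here only so
# the example stays self-contained).
CREDENTIALS = {}
for _m, _u in USERS.items():
    _salt = secrets.token_bytes(16)
    CREDENTIALS[_m] = (_salt, _hash_password(_u["password"], _salt))

SESSIONS = {}          # token -> member code, issued only after a password check
LOOKUP_BUDGET = 50     # assumed per-session cap on friend lookups
_lookups_used = {}


def login(member_code, password):
    """Issues an unguessable session token, unlike a date-derived member code."""
    cred = CREDENTIALS.get(member_code)
    if cred is None:
        return None
    salt, expected = cred
    if not hmac.compare_digest(_hash_password(password, salt), expected):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = member_code
    _lookups_used[token] = 0
    return token


def hardened_lock(token, lock):
    """Acts only on the device belonging to the authenticated session holder."""
    member = SESSIONS.get(token)
    if member is None:
        return False
    USERS[member]["device_locked"] = lock
    return True


def hardened_friend_lookup(token, friend_code):
    """Needs a session, counts every attempt against the budget, and returns
    only the display name: no phone, DOB, location, member code or password."""
    if token not in SESSIONS or _lookups_used[token] >= LOOKUP_BUDGET:
        return None
    _lookups_used[token] += 1
    member = FRIEND_INDEX.get(friend_code)
    if member is None:
        return None
    return {"name": USERS[member]["name"]}
```

Walking the six-digit space is a million requests, which is a matter of minutes against an API with neither authentication nor rate limiting, and each hit yields a complete profile including the password. Against the hardened handlers the same walk needs a valid session, stops at the per-session budget, and would yield nothing beyond display names even if it ran to completion; the lock endpoint can no longer be pointed at someone else's device at all.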

Qiui updated the app in June 2020 to address the vulnerability, but users who have not updated it still face the 'risk of wearing a chastity belt forever'. Pen Test Partners contacted Qiui repeatedly, but has received no response since June 2020 and lost contact with the company. After conferring with another security researcher who had independently found the same vulnerability in September 2020, Pen Test Partners decided to publish its findings.

'This case shows that many sex toy makers almost completely ignore privacy and security,' said Pen Test Partners, which warns that the leak of personal information is a real threat in its own right and is likely to be abused by attackers.

in Hardware, Video, Security, Posted by log1i_yk