A smart chastity belt that can lock male genitalia via Bluetooth falls prey to hackers, who demand a ransom

The smart chastity belt 'Cellmate Chastity Cage', which can be controlled from a mobile app via Bluetooth, was targeted by hackers who locked the devices remotely and threatened users with 'Pay the ransom if you want to unlock it.'

Hacker used ransomware to lock victims in their IoT chastity belt

'Your Cock Is Mine Now:' Hacker Locks Internet-Connected Chastity Cage, Demands Ransom

In October 2020, British security company Pen Test Partners revealed that Cellmate Chastity Cage was vulnerable to remote control by non-users.

'Vulnerability to be completely locked remotely by an attacker' was found in a smart chastity belt that can lock male genitalia via Bluetooth --GIGAZINE

'It takes less than a couple of days for an attacker to steal an entire user database and use it for blackmail and phishing scams,' Pen Test Partners said in a report, and on January 9, 2021 it was reported that this had become reality. The attacker launched an attack targeting the mobile app that controls Cellmate's device and demanded that victims pay 0.02 Bitcoin to unlock it. According to overseas news outlet Bleeping Computer, 0.02 Bitcoin at the time of the attack was equivalent to 270 dollars (about 28,000 yen).

When the attack started, complaints poured in from victims who could no longer control the device. In addition, some victims were sent the message, 'Your penis is mine now.' Some users were worried that 'the only way to release it is to cut the device off', but it was possible to contact Cellmate support and request a reset, or to release the device manually with a screwdriver, as the manufacturer Qiui showed in a video. No user has been confirmed to have actually paid the ransom.

Qiui, a China-based manufacturer, has not responded to requests for comment on this matter.

Qiui has fixed the vulnerability that was pointed out, so it is reported that users who keep the app up to date cannot be targeted by this attack. However, such products are likely to have some vulnerabilities, so experts point out, 'It is important that all companies have a way to contact researchers and keep in touch with them.'

In addition, vx-underground, which collects malware source code and samples, has also published the ransomware source code, which it received from a person who said 'I got it from an attacker'.

MalwareSourceCode / Python at main · vxunderground / MalwareSourceCode · GitHub

in Hardware,   Security, Posted by logq_fa