Internet-Connected Chastity Cages Hit By Bitcoin Ransom Hack
from the the-future-is-not-what-we-were-promised dept
If you hadn't noticed yet, the internet of things is a security and privacy shit show. Millions of poorly secured internet-connected devices are now being sold annually, introducing massive new attack vectors and vulnerabilities into home and business networks nationwide. Thanks to IOT companies and evangelists that prioritize gee-whizzery and profits over privacy and security, your refrigerator can now leak your gmail credentials, your kids' Barbie doll can now be used as a surveillance tool, and your "smart" tea kettle can now open your wireless network to attack.
So of course this kind of security and privacy apathy has extended to more creative uses of internet-connected devices. Case in point: last October, security researchers found that the makers of an IOT chastity cage -- a device used to prevent men from being able to have sex -- (this Amazon link has the details) had left an API exposed, giving hackers the ability to take remote control of the devices. And guess what: that's exactly what wound up happening. One victim and device user say he was contacted by a hacker who stated he wouldn't be able to free his genitals from the device unless he ponied up a bitcoin ransom.
Luckily his genitals weren't in the device at the time, though it's not clear other users were as lucky:
"A victim who asked to be identified only as Robert said that he received a message from a hacker demanding a payment of 0.02 Bitcoin (around $750 today) to unlock the device. He realized his cage was definitely "locked," and he "could not gain access to it." "Fortunately I didn’t have this locked on myself while this happened," Robert said in an online chat."
Given the often nonexistent security on internet of things devices, such problems aren't particularly uncommon in devices like not-so-smart thermostats. It's also a major problem in many hospitals where big medical conglomerates haven't been willing to pony up the money necessary to keep lifesaving technology private and secure. That said, "I had to pay some kid in the Ukraine $750 so I could access my own genitals" is a new wrinkle many hadn't seen coming.
It's just yet another reminder that you shouldn't connect everything to the internet just because you can. And you shouldn't endeavor to engage in such innovation unless you're willing to spend the money and take the time to ensure you're adhering to basic security and privacy standards. Whether a heart monitor or a sex toy, most companies still aren't after ten years of headlines like this. And despite some promising headway being made in policy, our response to the security dumpster fire that is the IOT remains a pretty hot, discordant mess.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bitcoin, chastity cage, hack, iot, ransomware, security
Reader Comments
Subscribe: RSS
View by: Time | Thread
Larry Niven said it best
If an idiot wants to lock his genitals up so anyone on the Internet can say "Narp, not unlocking you" that's just evolution in action.
Ehud
P.S. That's from Oath of Fealty, Larry Niven and Jerry Pournelle, 1981, to give credit where credit is certainly due.
[ link to this | view in chronology ]
Re: Larry Niven said it best
And here I was guessing Vernor Vinge.
[ link to this | view in chronology ]
Well, you learn something new every day. Not the inevitable danger of such a device, but its existence...
Bonus points for "VICE" being the source link.
[ link to this | view in chronology ]
Another problem with chastity cages . . .
Vendor Lock In
[ link to this | view in chronology ]
Re: Another problem with chastity cages . . .
In this case the bigger problem is vendee lock in.
[ link to this | view in chronology ]
Finally something the lockpicking lawyer refuses to open.
[ link to this | view in chronology ]
And the doctor says..."Hold still while I cut this off of you".
[ link to this | view in chronology ]
Damn, talk about getting cockblocked…
[ link to this | view in chronology ]
Re:
More like cocklocked!
[ link to this | view in chronology ]
Why does it seem so many of humanities problems start with a guy going... I know I'll stick my dick in it...
[ link to this | view in chronology ]
It's a security fetish thing.
Come on, guys. We've already done the jokes about the internet chastity cage back in october. (Link provided in case you don't think this thread is big enough.)
The only difference now is that the cage is bitcoin-operated.
[ link to this | view in chronology ]
There should be stiff penalties for this type of behavior!
[ link to this | view in chronology ]
Re:
And I though stiff caused a penalty with such devices!
[ link to this | view in chronology ]
Fun things.
How about the thought,
BASIC SECURITY so even an idiot can open it, incase of emergency?
If it really only has Bluetooth 4 digit Numbers, WHO cares if it gets locked.
The weakest/strongest security feature is only there and SAFE, if someone changes it. Just cause a series of products all have ADMIN and PASSWORD as the name and password. is only Safer IF you change it.(and not forget it)(not reset the device to un-configured).
Whats the most interesting thing about all of it, is How many of these devices can loose Power and reset to its failsafe. Admin/password.
Is this good/bad? Considering My customers tend to forget them anyway.
Dont mind the ones that Do have a builtin Switch to reset them, Until someone figures they can tap it then remote access the whole system.
In allot of this, How secure do you want some of these devices? Probably depends on the Use made of it. And that Barbie, SHOULD not be able to direct connect to the net.
The Fridge? Should just make a Call. It would be better if you had to press a button and it would THEN connect and order things Or print out your grocery list.
Anyone know the story of a car owner, found someone in Australia with the same car, and gained remote access to it, with the Vehicle ID(Vin #). who knew it was that easy?
https://i0.wp.com/tap.fremontmotors.com/wp-content/uploads/2018/08/vin-decode.jpg?resize=500%2 C250&is-pending-load=1#038;ssl=1
[ link to this | view in chronology ]
Re: Fun things.
"BASIC SECURITY so even an idiot can open it, incase of emergency?"
Given my own experience in IT...I think it's a safe assumption to make that most of the users ill be bigger idiots than the hackers, by far.
Yeah, you can dumb the security down until the average user will be able to work their way through the 4-digit pin. That just leaves us with the neighborhood kids being able to repetitively force the users to spend hours of brute-forcing the pin or unlock the damn thing with a pair of bolt cutters.
If the solution only inconveniences the user and encourages the trolls you're probably better off making the lock physical and taking the risk of your future sex life disappearing down a storm drain along with the key...
[ link to this | view in chronology ]
Can vs. should
You can apply technology to almost anything. If you should, is a bigger question.
[ link to this | view in chronology ]
Seriously though, what are they made of, titanium? How much trouble would they be to get off if necessary, really?
Let's see... $750.00, or however much this thing cost? Tough choice, i know. Sunk costs and all.
[ link to this | view in chronology ]
Re:
Lets see, I have this grinder, or maybe a hammer and chisel will do,....
[ link to this | view in chronology ]
Re:
To be fair, I’d be nervous about using force to remove anything right by my genitals.
[ link to this | view in chronology ]
Re: Re:
"To be fair, I’d be nervous about using force to remove anything right by my genitals."
The darwin awards homepage is full of examples of people who would cheerfully use a welding torch or explosives to rid themselves of the temporary inconvenience, let alone hammer and chisel. I guess it only shows that some people will always be left stumped by technology.
[ link to this | view in chronology ]
Re: Re:
bolt cutters, hacksaws, wiresaws are things. i'm sure i could think of more if necessary. then there's simply defeating the electronics. vibratory tools might get you a twofer.
but sure some emergency doctor or whatever action might compete with the $750.00 price tag.
[ link to this | view in chronology ]
Re: Re: Re:
"but sure some emergency doctor or whatever action might compete with the $750.00 price tag."
Depends on whether the victim's kinks included shame play in which case it's a win all around? Judge not, and all that.
You'd think that my early years as a DBA would have inured me to human stupidity, and yet the idea that there are people out there willing to strap, to their genitals, remotely operated and badly secured machinery, still shocks me.
[ link to this | view in chronology ]
Re: Re: Re: Re:
"...still shocks me."
I think we just found the new functionality they'll be adding for v2.0.
[ link to this | view in chronology ]
Re:
Would you want someone using a cutting tool near your genitals, on a device with a lithium battery? The report linked from one of the articles shows how to safely remove it, by accessing the motor wires and directly applying power:
https://www.pentestpartners.com/security-blog/smart-male-chastity-lock-cock-up/?=october-5-20 20
The BBC also has a picture: https://www.bbc.com/news/technology-54436575
You can't make this stuff up. Why would you? That would be a waste of everyone's time.
[ link to this | view in chronology ]
Hacking needs to be treated as if it were terrorism.
[ link to this | view in chronology ]
Re:
really?
So no matter how weak or Stupid the maker is to use it..
That it interconnects Direct to your router and MAYBE an internet site. Or just the kids BT connection on their PHONE, and they hack it.
Who is responsible?
The kids for a 4 digit code?
You for not changing the BASIC name/password
The company that Made all the codes the same, and Probably not changeable.
OR that the ITEM is broadcasting itself to everyone in 300 feet? And not being SILENT, so that no one Knows you are wearing one. And that you have to have the MAC address to connect to it.
[ link to this | view in chronology ]
It's a feature, not a bug.
How else do you think BBCs are going to train their cock-hungry sissies if they have clit restraints that can be removed? Self-defeating. Sissies need to learn that they don't have a cock. They have a useless clit that can't cum without Daddy's help.
[ link to this | view in chronology ]
As Dan Savage points out this is exactly what gets them off. This should be marketed as a feature, chastity + fin dom that is a huge market segment.
[ link to this | view in chronology ]
No. It's a copy-protection scheme.
Unauthorised reproduction is prohibited.
It says so right in the DMCA. That means it's illegal to circumvent (or even circumcise) this device.
All hail Dear Leader!
[ link to this | view in chronology ]
While I agree that not everything should be connected to the net and that the things that are need to have better security, all IOT devices should have a way to wipe the current settings and firmware and reset them to the factory defaults. This ability should be in ROM and therefore immune to hacking. Someone hacks your device and changes the password or corrupts the firmware? Just reset to the factory defaults. You may have to re-configure it or even do a firmware update, but it nullify any ransomware attack. What's that you say? If the firmware has been hacked, it could destroy the code that does the reset? Not if that code is in ROM. You trigger the reset, it executes the ROM code to re-flash the firmware to the default. Of course this presents a problem if the reset code has a bug that needs to be patched, which is why companies would need to make sure that it's bug-free before they shipped it. You know, the way companies used to do things before today's model of "Ship it broken, we'll patch it later."
I would recommend that such a reset be designed so that it can only be triggered manually from the actual device itself and not remotely.
In the case of a smart chastity device, maybe a special tool or cable could be employed to ensure that the wearer couldn't just reset it at will.
And as for removing the Cell Mate without the code, a pair of bolt cutters to cut the ring would probably suffice. Failing that, even a fiber cutting wheel in a Dremel would probably make short work of the ring. I've used them to cut bolts. First pull the penis out the back (there is NOTHING to prevent this), then cut the ring on each side.
[ link to this | view in chronology ]
Well, guys, as you can see the role of the bitcoin is above everything that was mention by that gentleman in 2011. Now everyone understands its power and how it influences the business. Of course, it works oppositely. I mean, such persons like Mask can influence its value and use that. But I still believe it will grow in the future. Nevertheless, I also try to invest in other cryptocurrencies that have a reasonable price now. I play with crypto on fairspin io and try to multiply my digital saving there. Well, I need to learn more about that world to earn more. At least, I know the game is honest as I can check it through blockchain.
[ link to this | view in chronology ]