Chastity Penis Lock Company That Was Hacked Says It's Now Totally Safe To Put Your Penis Back In That Chastity Lock
from the fool-me-once dept
While we've covered the Internet of Broken Things for some time, where companies fail to secure the devices they sell which connect to the internet, the entire genre sort of jumped the shark in October of last year. That's when Qiui, a Chinese company, was found to have sold a penis chastity lock that communicates with an API that was wide open and sans any password protection. The end result is that users of a device that locks up their private parts could enjoy those private parts entirely at the pleasure of nefarious third parties. Qiui pushed out a fix to the API... but didn't do so for existing users, only new devices. Why? Well, the company stated that pushing it out to existing devices would again cause them to all lock up, with no override available. Understandably, there wasn't a whole lot of interest in the company's devices at that point.
But fear not, target market for penis chastity locks! Qiui says it's now totally safe to use the product again!
Now, the European distributor of the chastity cage, which is called CELLMATE, wants everyone to know that it's safe to use the device after the release of a new app, which it says fixed the vulnerabilities in the API used to control it.
"Our product and brand (CELLMATE) has received quite a bit of negative attention because of this publication. Now, you can think 'negative publicity is also publicity,' but unfortunately it turned out completely different for the CELLMATE," Dennis Jansen, who works for Desudo, a distributor of the CELLMATE device, told Motherboard in an email, referring to our first story on the hack. "This wrongly created the image that our product could be hacked, after which the genitals of the wearer would be permanently locked up. Although such a situation was not even realistic at the time of publication (as you can read and see here), this story has made current and potential users unfairly frightened of our product. You will understand that this has had absolutely no positive effect on the attention and interest in using the CELLMATE."
A couple of things to note here. First, this whining about press coverage is roughly as tone deaf as it could possibly be. Second, while an emergency release accessible with a screwdriver may indeed by a thing, it seems not every user of the device is aware of that, given that at least one victim claims he had to use bolt cutters which left him bleeding. "It fucking hurt," he told Motherboard. Which, yeah.
But perhaps most important to this story is that anyone that actually wants to see the third party pen test for the API can go pound sand. Pen Test Partners, who originally discovered and reported the flaw, was reportedly brought in to assess the third party pen test as well. Asked if they would sign off that the device was now safe to use, reps from the company basically shrugged.
The founder of Pen Test Partners, Ken Munro, and the researcher who audited the CELLMATE, Alex Lomas, both confirmed to Motherboard that they did receive the third-party assessment and that the document says the issues are now resolved. But they also said they can't confirm the results, as they have not audited the device and its app and API since last year.
"I don't think I can comment more about the safety or otherwise of the product at this stage, I think people hopefully have enough information to make their own judgements," Lomas told Motherboard in an online chat.
Not exactly a ringing endorsement, obviously. The point is that the reputation cost for any company that allows this kind of vulnerability doesn't normally put a company in the position of trust for these kinds of fixes. That lack of trust likely becomes supercharged when people's naughty bits are involved. What's really needed here, should the companies and their distributors want to restore trust with the public, is transparency. Sadly, that doesn't seem to be in the offering.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: chastity lock, iot, security
Companies: qiui
Reader Comments
Subscribe: RSS
View by: Time | Thread
Their new tagline...
Just The Tip.
[ link to this | view in thread ]
Gotta lock up the important, large, and well-heeled "Mormon Families With Teenage Children Who Like to Masturbate Too Much" demographic, while also making sure that those same teenagers get to actually use their genitals... eventually.
[ link to this | view in thread ]
Long story, but let's cut to the chase...
I don't mean to criticize anyone's fetish, so keep that in mind. Every human on earth should be entitled to enjoy their choices. My opinion is only about the risk/reward structure.
If you're SO BLESSED STUPID you put your GOSH DARN DIRK in a LOCK that some MORON ON THE INTERNET can HACK you're a BLESSED IDIOT who shouldn't have that dirk so you don't breed further.
Google "darwin" and have a great day.
BLESSED people out there. Seriously. https://www.nbc.com/saturday-night-live/video/snl-digital-short-d-in-a-box/3505985
Ehud
P.S. I'm a huge fan of Dirk Benedict (Starbuck from Battlestar Galactica) so don't take my changing words to keep this kid-friendly from thinking I'm besmirching Dirk. He's awesome. Seriously.
[ link to this | view in thread ]
Re: Long story, but let's cut to the chase...
"If you're SO BLESSED STUPID you put your GOSH DARN DIRK in a LOCK that some MORON ON THE INTERNET can HACK you're a BLESSED IDIOT who shouldn't have that dirk so you don't breed further."
Now now...some people do get off on the idea they've put sole control of their wiener in the hands of some internet rando with a RAT kit. Or in the case of Qiui, the perfect tool for citizens so enamored with their government they want to show their faith by giving uncle Xi veto rights over their dongle.
[ link to this | view in thread ]
The birds and the... broadswords?
If you're SO BLESSED STUPID you put your GOSH DARN DIRK in a LOCK that some MORON ON THE INTERNET can HACK you're a BLESSED IDIOT who shouldn't have that dirk so you don't breed further.
All I can say is that if reproduction involves daggers in your mind whoever taught sex-ed to you has some horrible misconceptions and really needs to seek further education on the matter.
[ link to this | view in thread ]
Re: Their new tagline...
Product also endorsed by rabbi tuckus.
You take your thing, put it into the machine, and then you... snip the tip.
Put your non Jewish boyfriend in one today.
[ link to this | view in thread ]
It's DUSEDO, not Desudo, you numnuts.
And it stands for Dutch Sex Distribution Organization. Founded in 1974. And I work there, typing this text right now.
www.dusedo.com
[ link to this | view in thread ]
Love wins.
[ link to this | view in thread ]
So Qiui isn't interested in anyone doing penetration testing with their device....
[ link to this | view in thread ]
Re: The birds and the... broadswords?
"All I can say is that if reproduction involves daggers in your mind whoever taught sex-ed to you..."
...might be Mel Gibson, still stuck in his role of woad-painted pict and the Hollywood version of medieval scots?
[ link to this | view in thread ]
Re:
Of course they are. They just leave the veto button of said test to some online rando with a RAT kit.
[ link to this | view in thread ]
Re:
I do QA professionally, and I absolutely refuse to test that product under any circumstances whatsoever.
[ link to this | view in thread ]
Just goes to show that you should never stick your dick in the Internet.
[ link to this | view in thread ]
Guys, please stop trying to connect your genitals to the Internet.
[ link to this | view in thread ]
Many relationships are based, at least partly, upon trust.
[ link to this | view in thread ]
Nope
[ link to this | view in thread ]
I suppose the next step will be connecting these things to virtual reality?
[ link to this | view in thread ]
Re: Re:
Put a giant vibrating dildo on the company account and laugh during the audit.
[ link to this | view in thread ]
Re: It's DUSEDO, not Desudo, you numnuts.
It's ``numbnuts'', not ``numnuts'', silly Dutch person.
[ link to this | view in thread ]
transparency?
I dunno. Not sure that anyone needs to see that...
[ link to this | view in thread ]
Try as I might, I just can't understand why a chastity belt - along with a large majority of other things* - needs Internet connectivity in the first place.
*fridge, toaster, dishwasher, etc.
[ link to this | view in thread ]
Re:
Maybe "just because they're human". I don't understand why people collect postage stamps or railway engine numbers, listen to bebop jazz records, climb cliffs or marry the same person more than once, but they do - and in large numbers.
[ link to this | view in thread ]
Re: Re:
At least there's reasoning behind those. This, not so much.
[ link to this | view in thread ]
Re: Their new tagline...
Noice.
[ link to this | view in thread ]
Re: Why connect my THING to the internet?
When my THING uses a substantial amount of power, which can be deferred, or involves electronics....
Then there are benefits that can be had for the power grid for it...cheaper electricity by deferring to low-load or high-supply periods, voltage regulation, and VAR compensation. All from computer-controlled power electronics with appropriate information, security, and owner consent.
It's that consent part that's hard, though...with security not far behind. The information is why you have the network connection.
And this neglects remote cameras and remote-controlled infrastructure, such as water utilities. These have good use cases.
[ link to this | view in thread ]
RTFM
"..while an emergency release accessible with a screwdriver may indeed by a thing, it seems not every user of the device is aware of that, given that at least one victim claims he had to use bolt cutters which left him bleeding. "It fucking hurt," he told Motherboard"
A classic case of RTFM. Read The Fucking Manual"
[ link to this | view in thread ]
Re:
If you require a chastity belt, there isn't any trust. Period. It's like the opposite of trust.
[ link to this | view in thread ]
Re:
Well, if you accept that some guys get excited by letting someone else decide when they're allowed to have sexual pleasure, the internet connectivity allows the other person to remotely unlock the device. It could also be a practical matter, say if it was locked on and the wearer was in an accident and being taken to the hospital. It would save the hospital staff from having to find a pair of bolt cutters.
[ link to this | view in thread ]
Re: Long story, but let's cut to the chase...
Did you ever see Ruckus (1980)? He stars as a shell-shocked Vietnam vet who gets hassled when he passes through a small town, ends up making friends with LInda Blair's character, and beats the crap out of the intolerant locals. Kind of a less violent version of First Blood (Rambo). More like A-Team levels of violence.
It's not bad. It used to play on the pay channels all the time and I always enjoyed it.
[ link to this | view in thread ]
Re: RTFM
Well, 'read the not fucking manual' in this case...
[ link to this | view in thread ]
About as sensible as sticking your bits in the pickle slicer?
A man worked in a pickle factory. He had been employed there for many years when he came home one day to confess to his wife that he had a terrible compulsion. He had an urge to stick his penis into the pickle slicer.
His wife suggested that he should see a sex therapist to talk about it, but Bill said he would be too embarrassed. He vowed to overcome the compulsion on his own.
One day a few weeks later, Bill came home and his wife could see at once that something was seriously wrong.
"What's wrong, Bill?" she asked.
"Do you remember that I told you how I had this tremendous urge to put my penis into the pickle slicer?"
"Oh, Bill, you didn't!" she exclaimed.
"Yes, I did," he replied.
"My God, Bill, what happened?" she asked.
"I got fired," he replied.
"No, Bill. I mean, what happened with the pickle slicer?" she demanded.
"She got fired too."
[ link to this | view in thread ]
It's just too tempting.
Essentially every hacker on the planet whose personal motivations for hacking is mischief has just received a new challenge...
[ link to this | view in thread ]
Challenges for hackers
...though I'd sooner be tempted to create a virus that locks instances of Zoom to cat-filter after a randomized fuse-time.
[ link to this | view in thread ]
Re: Re:
"...I absolutely refuse to test that product under any circumstances whatsoever."
Given the target demographic, what would you even test?
"...So I put it on, and now I have no idea when it unlocks or why, randomly. Top notch. 10/10, Would Wear Again!"
There's just a lot of aspects around IoT-devices in general which make them pretty tough to properly evaluate. Sex toys especially.
I still can't believe remote-controlled penis locks are an actual thing. This just takes Orwell for a nasty spin into Wes Craven territory.
[ link to this | view in thread ]
Re:
I still remember the good old days when the low bar of sage advice was "Don't eat yellow snow".
This is worse. So much worse.
[ link to this | view in thread ]
Re:
" I just can't understand why a chastity belt - along with a large majority of other things - needs Internet connectivity in the first place."*
For the same reason so many other human activities take place.
"Because Why Not?"
[ link to this | view in thread ]
Re: Challenges for hackers
I'm sure the next version of Cellmate will have audio. Nothing like having your crotch meow at random to add that extra spice to your day.
[ link to this | view in thread ]
Re: Re: It's DUSEDO, not Desudo, you numnuts.
It´s Floridian, circa 2000. https://www.urbandictionary.com/define.php?term=numnuts
[ link to this | view in thread ]
This uses a Proprietary API
Because this device uses a Proprietary API, there is still a concern about Vendor Lock In.
[ link to this | view in thread ]
Re: Re:
You have absolutely no fucking idea what these toys are for...
[ link to this | view in thread ]
Re: Re: Re:
Or Troma territory, given their Killer Condom movie…
[ link to this | view in thread ]