Chastity Penis Lock Company That Was Hacked Says It's Now Totally Safe To Put Your Penis Back In That Chastity Lock

from the fool-me-once dept

While we've covered the Internet of Broken Things for some time, where companies fail to secure the devices they sell which connect to the internet, the entire genre sort of jumped the shark in October of last year. That's when Qiui, a Chinese company, was found to have sold a penis chastity lock that communicates with an API that was wide open and sans any password protection. The end result is that users of a device that locks up their private parts could enjoy those private parts entirely at the pleasure of nefarious third parties. Qiui pushed out a fix to the API... but didn't do so for existing users, only new devices. Why? Well, the company stated that pushing it out to existing devices would again cause them to all lock up, with no override available. Understandably, there wasn't a whole lot of interest in the company's devices at that point.

But fear not, target market for penis chastity locks! Qiui says it's now totally safe to use the product again!

Now, the European distributor of the chastity cage, which is called CELLMATE, wants everyone to know that it's safe to use the device after the release of a new app, which it says fixed the vulnerabilities in the API used to control it.

"Our product and brand (CELLMATE) has received quite a bit of negative attention because of this publication. Now, you can think 'negative publicity is also publicity,' but unfortunately it turned out completely different for the CELLMATE," Dennis Jansen, who works for Desudo, a distributor of the CELLMATE device, told Motherboard in an email, referring to our first story on the hack. "This wrongly created the image that our product could be hacked, after which the genitals of the wearer would be permanently locked up. Although such a situation was not even realistic at the time of publication (as you can read and see here), this story has made current and potential users unfairly frightened of our product. You will understand that this has had absolutely no positive effect on the attention and interest in using the CELLMATE."

A couple of things to note here. First, this whining about press coverage is roughly as tone-deaf as it could possibly be. Second, while an emergency release accessible with a screwdriver may indeed be a thing, it seems not every user of the device is aware of that, given that at least one victim claims he had to use bolt cutters which left him bleeding. "It fucking hurt," he told Motherboard. Which, yeah.

But perhaps most important to this story is that anyone that actually wants to see the third party pen test for the API can go pound sand. Pen Test Partners, who originally discovered and reported the flaw, was reportedly brought in to assess the third party pen test as well. Asked if they would sign off that the device was now safe to use, reps from the company basically shrugged.

The founder of Pen Test Partners, Ken Munro, and the researcher who audited the CELLMATE, Alex Lomas, both confirmed to Motherboard that they did receive the third-party assessment and that the document says the issues are now resolved. But they also said they can't confirm the results, as they have not audited the device and its app and API since last year.

"I don't think I can comment more about the safety or otherwise of the product at this stage, I think people hopefully have enough information to make their own judgements," Lomas told Motherboard in an online chat.

Not exactly a ringing endorsement, obviously. The point is that a company that allows this kind of vulnerability pays a reputation cost, and isn't normally in a position of trust when it comes to these kinds of fixes. That lack of trust likely becomes supercharged when people's naughty bits are involved. What's really needed here, should the companies and their distributors want to restore trust with the public, is transparency. Sadly, that doesn't seem to be in the offing.

Filed Under: chastity lock, iot, security
Companies: qiui


Reader Comments

  1.
    Pixelation, 9 Feb 2021 @ 7:56pm

    Their new tagline...

    Just The Tip.

  2.
    Crafty Coyote, 9 Feb 2021 @ 8:56pm

    Gotta lock up the important, large, and well-heeled "Mormon Families With Teenage Children Who Like to Masturbate Too Much" demographic, while also making sure that those same teenagers get to actually use their genitals... eventually.

  3.
    Ehud Gavron (profile), 9 Feb 2021 @ 11:36pm

    Long story, but let's cut to the chase...

    I don't mean to criticize anyone's fetish, so keep that in mind. Every human on earth should be entitled to enjoy their choices. My opinion is only about the risk/reward structure.

    If you're SO BLESSED STUPID you put your GOSH DARN DIRK in a LOCK that some MORON ON THE INTERNET can HACK you're a BLESSED IDIOT who shouldn't have that dirk so you don't breed further.

    Google "darwin" and have a great day.

    BLESSED people out there. Seriously. https://www.nbc.com/saturday-night-live/video/snl-digital-short-d-in-a-box/3505985

    Ehud
    P.S. I'm a huge fan of Dirk Benedict (Starbuck from Battlestar Galactica) so don't take my changing words to keep this kid-friendly from thinking I'm besmirching Dirk. He's awesome. Seriously.

  4.
    Scary Devil Monastery (profile), 10 Feb 2021 @ 1:11am

    Re: Long story, but let's cut to the chase...

    "If you're SO BLESSED STUPID you put your GOSH DARN DIRK in a LOCK that some MORON ON THE INTERNET can HACK you're a BLESSED IDIOT who shouldn't have that dirk so you don't breed further."

    Now now...some people do get off on the idea they've put sole control of their wiener in the hands of some internet rando with a RAT kit. Or in the case of Qiui, the perfect tool for citizens so enamored with their government they want to show their faith by giving uncle Xi veto rights over their dongle.

  5.
    That One Guy (profile), 10 Feb 2021 @ 1:12am

    The birds and the... broadswords?

    If you're SO BLESSED STUPID you put your GOSH DARN DIRK in a LOCK that some MORON ON THE INTERNET can HACK you're a BLESSED IDIOT who shouldn't have that dirk so you don't breed further.

    All I can say is that if reproduction involves daggers in your mind whoever taught sex-ed to you has some horrible misconceptions and really needs to seek further education on the matter.

  6.
    bob, 10 Feb 2021 @ 1:56am

    Re: Their new tagline...

    Product also endorsed by rabbi tuckus.

    You take your thing, put it into the machine, and then you... snip the tip.

    Put your non Jewish boyfriend in one today.

  7.
    Cpt. Obvious, 10 Feb 2021 @ 4:30am

    It's DUSEDO, not Desudo, you numnuts.

    And it stands for Dutch Sex Distribution Organization. Founded in 1974. And I work there, typing this text right now.

    www.dusedo.com

  8.
    Anonymous Coward, 10 Feb 2021 @ 4:36am

    Love wins.

  9.
    Anonymous Coward, 10 Feb 2021 @ 5:33am

    So Qiui isn't interested in anyone doing penetration testing with their device....

  10.
    Scary Devil Monastery (profile), 10 Feb 2021 @ 5:35am

    Re: The birds and the... broadswords?

    "All I can say is that if reproduction involves daggers in your mind whoever taught sex-ed to you..."

    ...might be Mel Gibson, still stuck in his role of woad-painted pict and the Hollywood version of medieval scots?

  11.
    Scary Devil Monastery (profile), 10 Feb 2021 @ 5:45am

    Re:

    Of course they are. They just leave the veto button of said test to some online rando with a RAT kit.

  12.
    Samuel Abram (profile), 10 Feb 2021 @ 6:04am

    Re:

    I do QA professionally, and I absolutely refuse to test that product under any circumstances whatsoever.

  13.
    Blake C. Stacey (profile), 10 Feb 2021 @ 6:31am

    Just goes to show that you should never stick your dick in the Internet.

  14.
    John Roddy (profile), 10 Feb 2021 @ 6:45am

    Guys, please stop trying to connect your genitals to the Internet.

  15.
    Anonymous Coward, 10 Feb 2021 @ 6:54am

    Many relationships are based, at least partly, upon trust.

  16.
    Anonymous Coward, 10 Feb 2021 @ 7:10am

    Nope

  17.
    Pixelation, 10 Feb 2021 @ 8:06am

    I suppose the next step will be connecting these things to virtual reality?

  18.
    Anonymous Coward, 10 Feb 2021 @ 8:24am

    Re: Re:

    Put a giant vibrating dildo on the company account and laugh during the audit.

  19.
    Tanner Andrews (profile), 10 Feb 2021 @ 8:36am

    Re: It's DUSEDO, not Desudo, you numnuts.

    It's ``numbnuts'', not ``numnuts'', silly Dutch person.

  20.
    Chris Brand, 10 Feb 2021 @ 9:43am

    transparency?

    I dunno. Not sure that anyone needs to see that...

  21.
    Anonymous Coward, 10 Feb 2021 @ 9:54am

    Try as I might, I just can't understand why a chastity belt - along with a large majority of other things* - needs Internet connectivity in the first place.

    *fridge, toaster, dishwasher, etc.

  22.
    Anonymous Coward, 10 Feb 2021 @ 11:25am

    Re:

    Maybe "just because they're human". I don't understand why people collect postage stamps or railway engine numbers, listen to bebop jazz records, climb cliffs or marry the same person more than once, but they do - and in large numbers.

  23.
    Anonymous Coward, 10 Feb 2021 @ 11:39am

    Re: Re:

    At least there's reasoning behind those. This, not so much.

  24.
    Jojo (profile), 10 Feb 2021 @ 12:02pm

    Re: Their new tagline...

    Noice.

  25.
    Christenson, 10 Feb 2021 @ 2:49pm

    Re: Why connect my THING to the internet?

    When my THING uses a substantial amount of power, which can be deferred, or involves electronics....

    Then there are benefits that can be had for the power grid for it...cheaper electricity by deferring to low-load or high-supply periods, voltage regulation, and VAR compensation. All from computer-controlled power electronics with appropriate information, security, and owner consent.

    It's that consent part that's hard, though...with security not far behind. The information is why you have the network connection.

    And this neglects remote cameras and remote-controlled infrastructure, such as water utilities. These have good use cases.

  26.
    wereisjessicahyde (profile), 10 Feb 2021 @ 3:42pm

    RTFM

    "..while an emergency release accessible with a screwdriver may indeed be a thing, it seems not every user of the device is aware of that, given that at least one victim claims he had to use bolt cutters which left him bleeding. "It fucking hurt," he told Motherboard"

    A classic case of RTFM. Read The Fucking Manual

  27.
    JoeCool (profile), 10 Feb 2021 @ 4:35pm

    Re:

    If you require a chastity belt, there isn't any trust. Period. It's like the opposite of trust.

  28.
    Rekrul, 10 Feb 2021 @ 5:01pm

    Re:

    Try as I might, I just can't understand why a chastity belt - along with a large majority of other things * - needs Internet connectivity in the first place.

    Well, if you accept that some guys get excited by letting someone else decide when they're allowed to have sexual pleasure, the internet connectivity allows the other person to remotely unlock the device. It could also be a practical matter, say if it was locked on and the wearer was in an accident and being taken to the hospital. It would save the hospital staff from having to find a pair of bolt cutters.

  29.
    Rekrul, 10 Feb 2021 @ 5:06pm

    Re: Long story, but let's cut to the chase...

    P.S. I'm a huge fan of Dirk Benedict (Starbuck from Battlestar Galactica) so don't take my changing words to keep this kid-friendly from thinking I'm besmirching Dirk. He's awesome. Seriously.

    Did you ever see Ruckus (1980)? He stars as a shell-shocked Vietnam vet who gets hassled when he passes through a small town, ends up making friends with Linda Blair's character, and beats the crap out of the intolerant locals. Kind of a less violent version of First Blood (Rambo). More like A-Team levels of violence.

    It's not bad. It used to play on the pay channels all the time and I always enjoyed it.

  30.
    That One Guy (profile), 10 Feb 2021 @ 5:36pm

    Re: RTFM

    Well, 'read the not fucking manual' in this case...

  31.
    Anonymous Coward, 10 Feb 2021 @ 11:30pm

    About as sensible as sticking your bits in the pickle slicer?

    A man worked in a pickle factory. He had been employed there for many years when he came home one day to confess to his wife that he had a terrible compulsion. He had an urge to stick his penis into the pickle slicer.

    His wife suggested that he should see a sex therapist to talk about it, but Bill said he would be too embarrassed. He vowed to overcome the compulsion on his own.

    One day a few weeks later, Bill came home and his wife could see at once that something was seriously wrong.

    "What's wrong, Bill?" she asked.

    "Do you remember that I told you how I had this tremendous urge to put my penis into the pickle slicer?"

    "Oh, Bill, you didn't!" she exclaimed.

    "Yes, I did," he replied.

    "My God, Bill, what happened?" she asked.

    "I got fired," he replied.

    "No, Bill. I mean, what happened with the pickle slicer?" she demanded.

    "She got fired too."

  32.
    Uriel-238 (profile), 10 Feb 2021 @ 11:43pm

    It's just too tempting.

    Essentially every hacker on the planet whose personal motivation for hacking is mischief has just received a new challenge...

  33.
    Uriel-238 (profile), 10 Feb 2021 @ 11:45pm

    Challenges for hackers

    ...though I'd sooner be tempted to create a virus that locks instances of Zoom to cat-filter after a randomized fuse-time.

  34.
    Scary Devil Monastery (profile), 11 Feb 2021 @ 1:35am

    Re: Re:

    "...I absolutely refuse to test that product under any circumstances whatsoever."

    Given the target demographic, what would you even test?

    "...So I put it on, and now I have no idea when it unlocks or why, randomly. Top notch. 10/10, Would Wear Again!"

    There's just a lot of aspects around IoT-devices in general which make them pretty tough to properly evaluate. Sex toys especially.

    I still can't believe remote-controlled penis locks are an actual thing. This just takes Orwell for a nasty spin into Wes Craven territory.

  35.
    Scary Devil Monastery (profile), 11 Feb 2021 @ 1:37am

    Re:

    I still remember the good old days when the low bar of sage advice was "Don't eat yellow snow".

    This is worse. So much worse.

  36.
    Scary Devil Monastery (profile), 11 Feb 2021 @ 1:39am

    Re:

    " I just can't understand why a chastity belt - along with a large majority of other things - needs Internet connectivity in the first place."*

    For the same reason so many other human activities take place.

    "Because Why Not?"

  37.
    Scary Devil Monastery (profile), 11 Feb 2021 @ 1:41am

    Re: Challenges for hackers

    I'm sure the next version of Cellmate will have audio. Nothing like having your crotch meow at random to add that extra spice to your day.

  38.
    Cpt. Obvious, 11 Feb 2021 @ 4:58am

    Re: Re: It's DUSEDO, not Desudo, you numnuts.

  39.
    DannyB (profile), 11 Feb 2021 @ 6:46am

    This uses a Proprietary API

    Because this device uses a Proprietary API, there is still a concern about Vendor Lock In.

  40.
    Anonymous Coward, 11 Feb 2021 @ 7:27am

    Re: Re:

    You have absolutely no fucking idea what these toys are for...

  41.
    Samuel Abram (profile), 12 Feb 2021 @ 4:12am

    Re: Re: Re:

    I still can't believe remote-controlled penis locks are an actual thing. This just takes Orwell for a nasty spin into Wes Craven territory.

    Or Troma territory, given their Killer Condom movie…
