Chastity cage security flaw could let hackers lock up your penis
It's one thing to lock up your junk by choice using the Cellmate. It's another to have it slammed shut by someone you didn't hand the keys to.
- Third place film critic, 2021 LA Press Club National Arts & Entertainment Journalism Awards
A flaw in a smart chastity device that puts your penis on lockdown could get your appendage imprisoned longer than you bargained for, security researchers say.
The device in question, Qiui's Cellmate Chastity Cage, encases your favorite organ in a Bluetooth-enabled gadget that a trusted partner can lock and unlock remotely using a mobile app.
The problem, according to security researchers from UK-based Pen Test Partners, is that due to API flaws, a nontrusted party acting from anywhere could not only gain access to precise user location data, but could "prevent the Bluetooth lock from being opened, permanently locking the user in."
Click for more on the intersection of technology and sex.
"There is no physical unlock," Pen Test Partners noted Monday in a blog post that details its months-long investigation into the device. "The tube is locked onto a ring worn around the base of the genitals, making things inaccessible."
Qiui did not immediately respond to a request for comment, but TechCrunch reports that the company missed three self-imposed deadlines to fix the vulnerability.
The sex toy company, based in China, calls the Cellmate the "world's first app-controlled chastity device." It's polycarbonate, comes in two lengths and costs $189 (about £146 or AU$265).
"Qiui believes that a true chastity experience is one that keeps the wearer away from control over their own devices," Qiui says on its site.
Of course, there's surrender of control by choice. Then there's loss of control by security flaw.
If the Cellmate falls into the hands of the wrong driver, the only way out would be to cut the wearer free using an angle grinder or other heavy tool that most people would probably prefer be kept away from their sensitive areas. It's unknown whether anyone has maliciously exploited the vulnerable API.
This isn't the first time sex toys have raised security concerns.
A high-profile lawsuit in 2016 accused sex tech company We-Vibe of transmitting user preferences, usage data and email addresses to its servers without consent. The company settled the case for $3.75 million in 2017.
As my CNET colleague Alison DeNisco Rayome reported earlier this year, security is top of mind for sex tech companies that have seen the impact of lawsuits or breaches. Still, sex tech products are "all over the map" when it comes to security, Nicole Schwartz, a researcher for Internet of Dongs, which pairs security pros with sex tech vendors to find vulnerabilities in devices, told Rayome.
With the coronavirus pandemic limiting physical contact, some sex tech products have, not surprisingly, seen a bump in sales. The shorter model of the Qiui Cellmate Chastity Cage is currently sold out on the company's site.
