Security company Pen Test Partners discovered a security issue in a hi-tech male chastity device. It concerns a penis cage that can be controlled remotely – via the internet. But due to an error in the software, it was possible to lock all devices in the world at the same time at the push of a button.
Since it is not possible to open the penis cage manually, the wearers could only be released one way, and that is with a grinder.
The Chinese sex toy manufacturer has improved software security in response to reports from the British team. They have also published a solution, should the wearer be hacked before installing the app’s update. To do this, the user must free the printed circuit board and press the battery against two wires to activate the motor.
Pen Test Partners (PTP) has revealed security issues with smart sex toys before. This often involves the leakage of private data, but in this case you can just get stuck. Alex Thomas of PTP says sex toy manufacturers still have a lot to learn when it comes to securing their products.
It is estimated that more than 40,000 units have already been sold worldwide. The penis cage can be controlled remotely, after it has been paired via bluetooth with an app on the wearer’s smartphone. Then someone else, who has been invited to do so via the app, can lock or release the cage.
But to do so, the app sends a command to a server of the manufacturer. The security experts found they could fool that server. This gave them access to all devices, the last used location and a unique identification code. Based on this information, PTP was able to manipulate the server, ignoring unlock requests.
Lomas’ team contacted Qiui in May so that they could improve the software. However, users who have not downloaded the update are still theoretically at risk. That is why PTP contacted the press this week to put some extra pressure on the manufacturer. PTP realizes that this has increased the risk of a hack, but because the manufacturer is busy developing new devices, they hope to have given a clear signal.
As far as is known, at least one user has had to free himself with a grinder. He was left with an ugly scar after he had to heal his wound for almost a month.
- OVO Q1 Anal Stimulator – review - 22 October 2020
- Fucketlist: Kabeshiri - 20 October 2020
- #StayTheFuckHome – 10 tips to make the lockdown a little naughty and 10% discount - 14 October 2020