Smart sex toys can really bring more fun into your sex life as for example the toys from Lovense show where you can put your partner or camsex the woman / man over the Internet in ecstasy. Now a penis cage has been hacked – with consequences.
However, these remote-controlled sex toys also have their pitfalls as some manufacturers are sloppy with the software – this negligence is now catching up with the manufacturer Qiui.
Security experts from Security Report got their hands on the source code of the ransomware ChastityLock last week, which locks the penis cage “Cellmate” from Qiui and demands a ransom.
The penis cage is a BDSM sex toy where the penis of the partner can be locked in controlled by an app. The ransomware ChastitiyLock does this and sends a message to the app that the device will be unlocked again for an amount of 0.02 Bitcoin.
This again shows the problem when IoT sex toys are controlled via a cloud – attackers are often left wide open. The manufacturer of the penis cage Qiui already attracted attention a few months ago because user data was transmitted unencrypted.
Responsible in this case is the API of Quiu which returns the personal user data with which a penis cage can then be taken over.
You have to smile a bit when Qiui asks you to contact the support who can release the genital into freedom again. Alternatively, there is also a video that shows how to open the penis cage with a screwdriver.
The penis cage also caused problems before
.
According to information from Techcrunch, there are a number of users who complain that the lock does not react even during normal use and that their penises were locked in.
Here, too, one could have assumed that an emergency shutdown for emergencies would be available, but that was obviously not considered in the design.
Meanwhile, the manufacturer should have fixed this security gap, but this affects only newer devices.
Note: The sex toys are connected to clouds, we think not only because of privacy this is highly questionable and should the manufacturer once turn off the server so the sex toys are completely useless. Rather, an app should be able to communicate directly with the toy even if no connection to the internet.
Sources: Product images by Qiui, edited.
