A so-called ‘smart’ chastity belt for men had a security flaw in it that meant hackers could permanently lock away a user’s penis.
The gizmo, called the Cell Mate, is billed as the world’s first app-controlled chastity device.
To use it, a man places his penis inside a metal tube, which is then locked and released by a ring that sits at the base of the balls. Connecting to the accompanying app means a partner can control it via Bluetooth.
Amazingly, this device claims to be used by tens of thousands of people around the world.
Unfortunately, a team of security researchers found out that hackers could control the device remotely because of a security bug.
Pen Test Partners, a cyber security firm, published their findings in a blog this week, suggesting men may want to think twice before surrendering to the Cell Mate.
‘Remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device’ security researcher Alex Lomas explained.
‘There is no physical unlock. An angle grinder or other suitable heavy tool would be required to cut the wearer free.’
Like many Bluetooth-enabled devices, software is needed to enable the connection between the app and the gadget. This is included in the app’s API – but unfortunately Qiui (the Chinese company behind the device) dropped the ball(s).
The company didn’t make sure the API was secured by a username and password, meaning it could be compromised by an outside attacker.
‘There is no emergency override function either, so if you’re locked in there’s no way out,’ Lomas said. Apparently, Pen Test Partners informed Qiui of the flaw back in June but it’s not clear if the vulnerability has been fixed.
‘This reinforced our decision to publish: clearly others were likely to find these issues independent of us, so the public interest case was made in our minds,’ Alex wrote.
This product is probably best described as a balls-up in more ways than one.