Dangerous vulnerability found in an electronic chastity belt
Electronic devices that are powered by mobile apps, including sex toys, can do anything. One of them is called the Qiui Cellmate and is regarded as the “world’s first application-controlled male chastity belt.”
The Chinese-made Qiui Cellmate has become immensely popular and thousands of users have bought it to trap their penis inside it.
Its occupants allow a trusted colleague to remotely use the app to lock or unlock the lock.
Via an application programming interface, the application interacts with the lock (API).
But an issue is there. The English security company Pen Test Partners found a defect in the chastity lock of Qiui Cellmate, TechCrunch reported.
The API that allows the permanent locking of the lock and of the virile member was left open and without a password, according to the investigating body, which allows anyone to take full control of the system.
Since the lock was meant to lock under the user’s penis with a metal ring, experts note that releasing it requires a heavy-duty bolt cutter or angle grinder.
On his blog, Alex Lomas, a Pen Test Partners researcher, noted that the unit also does not have an emergency unlock feature.
“So if you are locked up you will have no way out,” he wrote.
TechCrunch lists some of the app’s user feedback.
“The app completely stopped working after three days and I’m stuck,” noted one occupant.
“It has already stuck twice when using it.”When using it, it has stuck twice already.