Chastity Penis Lock Company That Was Hacked Says It's Now Totally Safe To Put Your Penis Back In That Chastity Lock

from the fool-me-once dept

While we’ve covered the Internet of Broken Things for some time, where companies fail to secure the devices they sell which connect to the internet, the entire genre sort of jumped the shark in October of last year. That’s when Qiui, a Chinese company, was found to have sold a penis chastity lock that communicates with an API that was wide open and sans any password protection. The end result is that users of a device that locks up their private parts could enjoy those private parts entirely at the pleasure of nefarious third parties. Qiui pushed out a fix to the API… but didn’t do so for existing users, only new devices. Why? Well, the company stated that pushing it out to existing devices would again cause them to all lock up, with no override available. Understandably, there wasn’t a whole lot of interest in the company’s devices at that point.

But fear not, target market for penis chastity locks! Qiui says it’s now totally safe to use the product again!

Now, the European distributor of the chastity cage, which is called CELLMATE, wants everyone to know that it’s safe to use the device after the release of a new app, which it says fixed the vulnerabilities in the API used to control it.

“Our product and brand (CELLMATE) has received quite a bit of negative attention because of this publication. Now, you can think ‘negative publicity is also publicity,’ but unfortunately it turned out completely different for the CELLMATE,” Dennis Jansen, who works for Desudo, a distributor of the CELLMATE device, told Motherboard in an email, referring to our first story on the hack. “This wrongly created the image that our product could be hacked, after which the genitals of the wearer would be permanently locked up. Although such a situation was not even realistic at the time of publication (as you can read and see here), this story has made current and potential users unfairly frightened of our product. You will understand that this has had absolutely no positive effect on the attention and interest in using the CELLMATE.”

A couple of things to note here. First, this whining about press coverage is roughly as tone deaf as it could possibly be. Second, while an emergency release accessible with a screwdriver may indeed by a thing, it seems not every user of the device is aware of that, given that at least one victim claims he had to use bolt cutters which left him bleeding. “It fucking hurt,” he told Motherboard. Which, yeah.

But perhaps most important to this story is that anyone that actually wants to see the third party pen test for the API can go pound sand. Pen Test Partners, who originally discovered and reported the flaw, was reportedly brought in to assess the third party pen test as well. Asked if they would sign off that the device was now safe to use, reps from the company basically shrugged.

The founder of Pen Test Partners, Ken Munro, and the researcher who audited the CELLMATE, Alex Lomas, both confirmed to Motherboard that they did receive the third-party assessment and that the document says the issues are now resolved. But they also said they can’t confirm the results, as they have not audited the device and its app and API since last year.

“I don’t think I can comment more about the safety or otherwise of the product at this stage, I think people hopefully have enough information to make their own judgements,” Lomas told Motherboard in an online chat.

Not exactly a ringing endorsement, obviously. The point is that the reputation cost for any company that allows this kind of vulnerability doesn’t normally put a company in the position of trust for these kinds of fixes. That lack of trust likely becomes supercharged when people’s naughty bits are involved. What’s really needed here, should the companies and their distributors want to restore trust with the public, is transparency. Sadly, that doesn’t seem to be in the offering.

Filed Under: , ,
Companies: qiui

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Chastity Penis Lock Company That Was Hacked Says It's Now Totally Safe To Put Your Penis Back In That Chastity Lock”

Subscribe: RSS Leave a comment
41 Comments
Ehud Gavron (profile) says:

Long story, but let's cut to the chase...

I don’t mean to criticize anyone’s fetish, so keep that in mind. Every human on earth should be entitled to enjoy their choices. My opinion is only about the risk/reward structure.

If you’re SO BLESSED STUPID you put your GOSH DARN DIRK in a LOCK that some MORON ON THE INTERNET can HACK you’re a BLESSED IDIOT who shouldn’t have that dirk so you don’t breed further.

Google "darwin" and have a great day.

BLESSED people out there. Seriously. https://www.nbc.com/saturday-night-live/video/snl-digital-short-d-in-a-box/3505985

Ehud
P.S. I’m a huge fan of Dirk Benedict (Starbuck from Battlestar Galactica) so don’t take my changing words to keep this kid-friendly from thinking I’m besmirching Dirk. He’s awesome. Seriously.

Scary Devil Monastery (profile) says:

Re: Long story, but let's cut to the chase...

"If you’re SO BLESSED STUPID you put your GOSH DARN DIRK in a LOCK that some MORON ON THE INTERNET can HACK you’re a BLESSED IDIOT who shouldn’t have that dirk so you don’t breed further."

Now now…some people do get off on the idea they’ve put sole control of their wiener in the hands of some internet rando with a RAT kit. Or in the case of Qiui, the perfect tool for citizens so enamored with their government they want to show their faith by giving uncle Xi veto rights over their dongle.

This comment has been deemed funny by the community.
That One Guy (profile) says:

Re: The birds and the... broadswords?

If you’re SO BLESSED STUPID you put your GOSH DARN DIRK in a LOCK that some MORON ON THE INTERNET can HACK you’re a BLESSED IDIOT who shouldn’t have that dirk so you don’t breed further.

All I can say is that if reproduction involves daggers in your mind whoever taught sex-ed to you has some horrible misconceptions and really needs to seek further education on the matter.

Rekrul says:

Re: Long story, but let's cut to the chase...

P.S. I’m a huge fan of Dirk Benedict (Starbuck from Battlestar Galactica) so don’t take my changing words to keep this kid-friendly from thinking I’m besmirching Dirk. He’s awesome. Seriously.

Did you ever see Ruckus (1980)? He stars as a shell-shocked Vietnam vet who gets hassled when he passes through a small town, ends up making friends with LInda Blair’s character, and beats the crap out of the intolerant locals. Kind of a less violent version of First Blood (Rambo). More like A-Team levels of violence.

It’s not bad. It used to play on the pay channels all the time and I always enjoyed it.

Scary Devil Monastery (profile) says:

Re: Re: Re:

"…I absolutely refuse to test that product under any circumstances whatsoever."

Given the target demographic, what would you even test?

"…So I put it on, and now I have no idea when it unlocks or why, randomly. Top notch. 10/10, Would Wear Again!"

There’s just a lot of aspects around IoT-devices in general which make them pretty tough to properly evaluate. Sex toys especially.

I still can’t believe remote-controlled penis locks are an actual thing. This just takes Orwell for a nasty spin into Wes Craven territory.

Christenson says:

Re: Why connect my THING to the internet?

When my THING uses a substantial amount of power, which can be deferred, or involves electronics….

Then there are benefits that can be had for the power grid for it…cheaper electricity by deferring to low-load or high-supply periods, voltage regulation, and VAR compensation. All from computer-controlled power electronics with appropriate information, security, and owner consent.

It’s that consent part that’s hard, though…with security not far behind. The information is why you have the network connection.

And this neglects remote cameras and remote-controlled infrastructure, such as water utilities. These have good use cases.

Rekrul says:

Re: Re:

Try as I might, I just can’t understand why a chastity belt – along with a large majority of other things * – needs Internet connectivity in the first place.

Well, if you accept that some guys get excited by letting someone else decide when they’re allowed to have sexual pleasure, the internet connectivity allows the other person to remotely unlock the device. It could also be a practical matter, say if it was locked on and the wearer was in an accident and being taken to the hospital. It would save the hospital staff from having to find a pair of bolt cutters.

This comment has been deemed funny by the community.
Anonymous Coward says:

About as sensible as sticking your bits in the pickle slicer?

A man worked in a pickle factory. He had been employed there for many years when he came home one day to confess to his wife that he had a terrible compulsion. He had an urge to stick his penis into the pickle slicer.

His wife suggested that he should see a sex therapist to talk about it, but Bill said he would be too embarrassed. He vowed to overcome the compulsion on his own.

One day a few weeks later, Bill came home and his wife could see at once that something was seriously wrong.

"What’s wrong, Bill?" she asked.

"Do you remember that I told you how I had this tremendous urge to put my penis into the pickle slicer?"

"Oh, Bill, you didn’t!" she exclaimed.

"Yes, I did," he replied.

"My God, Bill, what happened?" she asked.

"I got fired," he replied.

"No, Bill. I mean, what happened with the pickle slicer?" she demanded.

"She got fired too."

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...