Internet-Connected Chastity Cages Hit By Bitcoin Ransom Hack
from the the-future-is-not-what-we-were-promised dept
If you hadn't noticed yet, the internet of things is a security and privacy shit show. Millions of poorly secured internet-connected devices are now being sold annually, introducing massive new attack vectors and vulnerabilities into home and business networks nationwide. Thanks to IOT companies and evangelists that prioritize gee-whizzery and profits over privacy and security, your refrigerator can now leak your gmail credentials, your kids' Barbie doll can now be used as a surveillance tool, and your "smart" tea kettle can now open your wireless network to attack.
So of course this kind of security and privacy apathy has extended to more creative uses of internet-connected devices. Case in point: last October, security researchers found that the makers of an IOT chastity cage -- a device used to prevent men from being able to have sex -- (this Amazon link has the details) had left an API exposed, giving hackers the ability to take remote control of the devices. And guess what: that's exactly what wound up happening. One victim and device user say he was contacted by a hacker who stated he wouldn't be able to free his genitals from the device unless he ponied up a bitcoin ransom.
Luckily his genitals weren't in the device at the time, though it's not clear other users were as lucky:
"A victim who asked to be identified only as Robert said that he received a message from a hacker demanding a payment of 0.02 Bitcoin (around $750 today) to unlock the device. He realized his cage was definitely "locked," and he "could not gain access to it." "Fortunately I didn’t have this locked on myself while this happened," Robert said in an online chat."
Given the often nonexistent security on internet of things devices, such problems aren't particularly uncommon in devices like not-so-smart thermostats. It's also a major problem in many hospitals where big medical conglomerates haven't been willing to pony up the money necessary to keep lifesaving technology private and secure. That said, "I had to pay some kid in the Ukraine $750 so I could access my own genitals" is a new wrinkle many hadn't seen coming.
It's just yet another reminder that you shouldn't connect everything to the internet just because you can. And you shouldn't endeavor to engage in such innovation unless you're willing to spend the money and take the time to ensure you're adhering to basic security and privacy standards. Whether a heart monitor or a sex toy, most companies still aren't after ten years of headlines like this. And despite some promising headway being made in policy, our response to the security dumpster fire that is the IOT remains a pretty hot, discordant mess.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bitcoin, chastity cage, hack, iot, ransomware, security
Reader Comments
Subscribe: RSS
View by: Time | Thread
Larry Niven said it best
If an idiot wants to lock his genitals up so anyone on the Internet can say "Narp, not unlocking you" that's just evolution in action.
Ehud
P.S. That's from Oath of Fealty, Larry Niven and Jerry Pournelle, 1981, to give credit where credit is certainly due.
[ reply to this | link to this | view in chronology ]
Well, you learn something new every day. Not the inevitable danger of such a device, but its existence...
Bonus points for "VICE" being the source link.
[ reply to this | link to this | view in chronology ]
Another problem with chastity cages . . .
Vendor Lock In
[ reply to this | link to this | view in chronology ]
Re: Another problem with chastity cages . . .
In this case the bigger problem is vendee lock in.
[ reply to this | link to this | view in chronology ]
Finally something the lockpicking lawyer refuses to open.
[ reply to this | link to this | view in chronology ]
And the doctor says..."Hold still while I cut this off of you".
[ reply to this | link to this | view in chronology ]
Damn, talk about getting cockblocked…
[ reply to this | link to this | view in chronology ]
Re:
More like cocklocked!
[ reply to this | link to this | view in chronology ]
Why does it seem so many of humanities problems start with a guy going... I know I'll stick my dick in it...
[ reply to this | link to this | view in chronology ]
It's a security fetish thing.
Come on, guys. We've already done the jokes about the internet chastity cage back in october. (Link provided in case you don't think this thread is big enough.)
The only difference now is that the cage is bitcoin-operated.
[ reply to this | link to this | view in chronology ]
There should be stiff penalties for this type of behavior!
[ reply to this | link to this | view in chronology ]
Re:
And I though stiff caused a penalty with such devices!
[ reply to this | link to this | view in chronology ]
Fun things.
How about the thought,
BASIC SECURITY so even an idiot can open it, incase of emergency?
If it really only has Bluetooth 4 digit Numbers, WHO cares if it gets locked.
The weakest/strongest security feature is only there and SAFE, if someone changes it. Just cause a series of products all have ADMIN and PASSWORD as the name and password. is only Safer IF you change it.(and not forget it)(not reset the device to un-configured).
Whats the most interesting thing about all of it, is How many of these devices can loose Power and reset to its failsafe. Admin/password.
Is this good/bad? Considering My customers tend to forget them anyway.
Dont mind the ones that Do have a builtin Switch to reset them, Until someone figures they can tap it then remote access the whole system.
In allot of this, How secure do you want some of these devices? Probably depends on the Use made of it. And that Barbie, SHOULD not be able to direct connect to the net.
The Fridge? Should just make a Call. It would be better if you had to press a button and it would THEN connect and order things Or print out your grocery list.
Anyone know the story of a car owner, found someone in Australia with the same car, and gained remote access to it, with the Vehicle ID(Vin #). who knew it was that easy?
https://i0.wp.com/tap.fremontmotors.com/wp-content/uploads/2018/08/vin-decode.jpg?resize=500%2 C250&is-pending-load=1#038;ssl=1
[ reply to this | link to this | view in chronology ]
Can vs. should
You can apply technology to almost anything. If you should, is a bigger question.
[ reply to this | link to this | view in chronology ]
Seriously though, what are they made of, titanium? How much trouble would they be to get off if necessary, really?
Let's see... $750.00, or however much this thing cost? Tough choice, i know. Sunk costs and all.
[ reply to this | link to this | view in chronology ]
Re:
Lets see, I have this grinder, or maybe a hammer and chisel will do,....
[ reply to this | link to this | view in chronology ]
Add Your Comment
Add A Reply