Hackers use ransomware to lock up internet-enabled chastity belts

Source code of the vulnerability is up on GitHub

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A published security flaw in aninternet-enabledmale chastity device was exploited by an attacker to remotely lock in wearers until they paid 0.02 bitcoins, valued around $270 around the time of the attacks, according to reports.

The Cellmate Chastity Cage, built by Chinese firm Qiui, is a connected sex toy with a companion app that can lock/unlock the device remotely over bluetooth.

Back in October 2020, UK security firm Pen Test Partners disclosed multiple vulnerabilities in the device that could allow anyone to lock the device and prevent the wearers from releasing themselves.

Major cock-up

Major cock-up

According to Pen Test Partners, the flaws exist in the API that’s used to communicate between the chastity cage and the mobile app: “It wouldn’t take an attacker more than a couple of days to exfiltrate the entire user database and use it for blackmail or phishing.”

Their premonition came true, and as per reports, the attacker exploited the vulnerability to mock their victims. Qiui, on its part, has now posted a video on its support page demonstrating how users can unlock their device, either by contacting the company, or manually using a screwdriver.

Meanwhile, it is reported that the source code of the ransomware is now publicly available on GitHub for research purposes.

Security flaws in internet-enabled sex toys aren’t new, and as always one should be prudent and do their research before purchasing smart gadgets, especially ones that have intimate use cases.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Via:BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Professionals are facing “tech overload” as they try to juggle multiple devices in the workplace