Hacker exploits smart chastity belt bug to hold penises hostage

The hacker demanded to be paid in Bitcoin, because of course they did.


Sex toy tech is a burgeoning industry often eliciting cheap jokes from people, but it truly presents some serious implications for consumers' digital privacy and security rights. But hey, no one says these two reactions are mutually exclusive. Don't believe us? Here: BDSM enthusiasts wearing remote-enabled chastity belts around their dicks are potentially getting caught between a rock and a hard place thanks to hackers breaching the device's software.

Putting users in a tough bind — According to multiple outlets, hackers discovered a security flaw within the API of a Bluetooth-enabled BDSM sex device called the Cellmate Chastity Cage that allowed them to simultaneously lock all currently in-use devices. The bug was initially first reported last October, but the solution wasn't so simple as issuing a software update; shutting down the then-current API would result in locking all of the devices from the Chinese-based manufacturer, Qiui. The company provided a revamped API for any new Cellmate purchasers, but the existing vulnerable software remained live and exploitable. Qiui offered numerous reassurances to deal with the issue, but it's never seemed to fully materialize. So, of course, the worst-case scenario is exactly what happened, as reported by Motherboard.


Bolt cutters and angle grinders — One user recounted receiving a hacker's message demanding a 0.02 Bitcoin ransom (around $750) or else their Cellmate would remain permanently locked. Given the Qiui's "smart" sex toy locks via a metal ring underneath a user's penis, it could have required something along the lines of a sizable bolt cutter or angle grinder to free oneself, which, y'know... is an absolutely terrifying thought. As the BBC noted in October, "Any other attempt to cut through the device's plastic body poses a risk of harm." "Fortunately I didn’t have this locked on myself while this happened," the individual known only as Robert told Motherboard.

Even more private parts could be exposed — If the thought of having one's genitals permanently encased in Chinese plastic isn't unsettling enough already, the security flaw underscored even deeper existential problems for users. Pen Test Partners, the British-based cybersecurity firm who first exposed the issues, also noted that the API exploit easily exposed users' passwords, private messages, and even precise geospatial locations, as seen below.

Pretty much all "Internet of Things" programming will inevitably run into bugs and possible security breaches, but these issues certainly become all the more serious (and even potentially dangerous) when some of your most literal and figurative sensitive information is on the line. The phrase "buyer beware" has never been more appropriate... so please, people. By all means, enhance and expand your sex lives. Just do so responsibly and safely on all fronts.