Smart chastity device could be hacked to lock users in permanently, security experts warn
Vulnerability could leave thousands of Qiui Cellmate users locked in while simultaneously exposing their location and other personal data
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A significant security flaw with an internet-connected chastity device means it can be hacked to lock users in permanently, researchers have warned.
Security firm Pen Test Partners discovered that the Qiui Cellmate is vulnerable to remote attacks, potentially leaving thousands of users locked in while simultaneously exposing their location and other personal data.
Qiui advertises the Cellmate as “the world’s first app-controlled chastity device”, offering features that include “worldwide control via app”.
The $200 sex toy is designed to lock around the user’s genitals while a trusted partner controls the keyless locking mechanism over Bluetooth through a mobile app.
The app also displays the wearer’s real-time location and status.
Removing the device without the app requires a heavy-duty tool such as an angle grinder.
“We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device,” researchers at Pen Test Partners wrote in a blog post.
“There is no physical unlock. The tube is locked onto a ring worn around the base of the genitals, making things inaccessible… Location, plaintext password and other personal data was also leaked.”
The researchers warned that attackers could download the entire user database in just a couple of days and use the information for blackmailing purposes.
Location data of users was uncovered in Australia, China, the UK, US, as well as several other countries across Asia and Europe.
Pen Test Partners first disclosed the vulnerability to Qiui back in April but the issue was not fixed by the company, who cited a lack of funds.
The Independent has reached out to Qiui for comment.
The threat posed to Cellmate users forms part of a much wider trend that has seen countless security risks associated with internet-connected devices in recent years.
Manufacturers of so-called smart devices have been frequently criticised for treating security as an afterthought.
Last year, a study revealed that security cameras recommended and sold by Amazon come with “huge” security risks.
Buyers complained that hackers were able to hijack the cameras to spy on them and even talk to them through the in-built microphones.
Adam French, a consumer rights expert at Which?, said at the time: “There appears to be little to no quality control with these sub-standard products, which risk people’s security.”
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments