Clients of a company manufacturing remotely operated chastity devices have suffered a rather embarrassing mishap thanks to an unusual hacking.
It is quite the unusual hack, to put it mildly.
According to Vice, a hacker has decided to turn his attention towards owners of smart chastity devices, asking for a ransom for the unlocking of the sex toys. The ill-fortuned targets are those in possession of a Cellmate Chastity Cage belonging to the Chinese sex-toy manufacturer Qiui, that had its data hacked in October 2020. A few months later, a computer hacker made use of this leak to blackmail the users of this chastity device.
The items were sealed in the locked configuration, with no way to unlock it with the proprietary smart-phone application. The hacker does seem to enjoy a certain sense of humour: they sent a message to one of their victims claiming 'your cock is mine now.' Another target explained that the hacker had demanded a 0.02 Bitcoin ransom, which is roughly 490 pounds. Thankfully for the victims, none of them were wearing the affected toys at the time of the hacking.
Particularly vulnerable devices
While the whole affair may elicit a smirk or three, it does illustrate once again the difficulty with safeguarding connected objects, and their inherent vulnerability of the Internet of Things to computer hackers.
All the more since the Chinese sex-toy manufacturer Qiui took no preventive action following their hacking in October, thus leaving their users vulnerable to malicious hackers. When they were reached for comments, the company declined to make any statement.
The Internet of Dongs
During an investigation published in 2018, a researcher had exposed the particularly high vulnerability of sex toys.
After the assessment of a selection of multiple smart sex toys an abyss of vulnerabilities was revealed. The identified vulnerabilities range from technically interesting vulnerabilities to vulnerabilities which affect the privacy of the users in extreme and explicit ways.
Indeed, he had managed to wrest control of an object and thus access an internal database in which was the personal data of the users, such as name and address; all thanks to a simple configuration file on the manufacturer's website. He even had access to intimate pictures, shared by hundreds of users.