Penetration Testers Discover Security Cock-up in IoT Chastity Cages

A forum for video games, new & retro, on consoles, computers, handheld & mobile. Also for tech talk, things like PC parts, phones etc.
Post Reply
User avatar
Roofus
Slippin' Jimmy
Posts: 1417
Joined: Sat Mar 26, 2016 4:03 am

Penetration Testers Discover Security Cock-up in IoT Chastity Cages

Post by Roofus » Fri Oct 09, 2020 8:55 am



Example #69 of why the Internet of Shit is a bad idea: Penetration testers found that the Cellmate brand chastity cage can be remotely hacked and permanently locked onto the wearer, requiring a potentially embarrassing trip to the ER, since there's no manual override.
In their brilliantly-titled report "Smart male chastity lock cock-up," they describe how hackers can take over the leaky device:

We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device. There is no physical unlock. The tube is locked onto a ring worn around the base of the genitals, making things inaccessible. An angle grinder or other suitable heavy tool would be required to cut the wearer free.
Location, plaintext password and other personal data was also leaked, without need for authentication, by the API.
Penetration testing, indeed! I'll spare you all the easy jokes that hacks on Twitter are feverishly pecking out right now.

Source: Boing Boing

Post Reply