Cybersecurity specialists have detected a security flaw in a connected device that functions as a chastity belt for men. Exploiting this vulnerability would allow hackers to lock all active devices simultaneously. The main problem is that the device has no manual switch, so an affected user could be in serious trouble in the event of a cyberattack.
The chastity belt, created by Qiui, is sold online for approximately $190 USD, with nearly 40 thousand devices sold, according to the company's own estimates. The device connects via Bluetooth to a mobile app from which users control locking and unlocking. To do this, the software relies on sending commands to a server maintained by the manufacturer.
Experts at Pen Test Partners reported finding a way to trick the company’s server into revealing the registered name of a device’s user, as well as details such as location data and a unique code assigned to each toy.
An attack could cause the server to ignore requests made from the app to unlock the toy, so the wearer could be trapped and left needing to force the device open.
The creators of the device fixed the linked application after receiving a report from the experts, and also published a workaround that can be used to fix the bug in previous versions. The solution is to open the circuit board and press the batteries against two of the cables to activate a motor.
According to experts at Pen Test Partners, the company responsible for finding these flaws, the adult smart products industry still has a lot to learn in terms of cybersecurity. On previous occasions the company has reported similar flaws in sex toys: “The problem is that these devices are released to the market without their manufacturers performing security tests. Most of the problems we’ve encountered have to do with leaking personal information, although we’ve never seen a flaw that could cause physical harm to the user,” says researcher Alex Lomas.