• Slight problem with a bdsm game ---- Cellmate: Male chastity gadget

    From a425couple@21:1/5 to All on Sun Oct 11 06:43:37 2020
    XPost: soc.subculture.bondage-bdsm, alt.sex.stories.d

    Slight problem with a bdsm game ----

    read the BBC story here:
    https://www.bbc.com/news/technology-54436575

    Cellmate: Male chastity gadget hack could lock users in

    By Leo Kelion, Technology desk editor
    Published 2 days ago

    [Image: Cellmate. Caption: The Cellmate has been sold via several
    big-name online retailers as well as niche stores.]

    A security flaw in a hi-tech chastity belt for men made it possible for
    hackers to remotely lock all the devices in use simultaneously.

    The internet-linked sheath has no manual override, so owners might have
    been faced with the prospect of having to use a grinder or bolt cutter
    to free themselves from its metal clamp.

    The sex toy's app has been fixed by its Chinese developer after a team
    of UK security professionals flagged the bug.

    They have also published a workaround.

    This could be useful to anyone still using the old version of the app
    who finds themselves locked in as a result of an attacker making use of
    the revelation.

    Any other attempt to cut through the device's plastic body poses a risk
    of harm.

    [Image: Cellmate circuit board. Copyright Pen Test Partners. Caption: The
    workaround involves prising open the circuit board and pressing batteries
    against two of the wires to trigger a motor.]

    Pen Test Partners (PTP) - the Buckingham-based cyber-security firm
    involved - has a reputation for bringing quirky discoveries to light,
    including problems with other sex toys in the past.

    It says the latest discovery indicates that the makers of "smart"
    adult-themed products still have lessons to learn.

    "The problem is that manufacturers of these other toys sometimes rush
    their products to market," commented Alex Lomas, a researcher at the firm.

    "Most times the problem is a disclosure of sensitive personal data, but
    in this case, you can get physically locked in."

    Lock and clamp

    Qiui's Cellmate Chastity Cage is sold online for about $190 (£145) and
    is marketed as a way for owners to give a partner control over access to
    their body.

    Pen Test Partners believe about 40,000 devices have been sold based on
    the number of IDs that have been granted by its Guangdong-based creator.

    The cage wirelessly connects to a smartphone via a Bluetooth signal,
    which is used to trigger the device's lock-and-clamp mechanism.

    But to achieve this, the software relies on sending commands to a
    computer server used by the manufacturer.

    The security researchers said they discovered a way to fool the server
    into disclosing the registered name of each device owner, among other
    personal details, as well as the co-ordinates of every location from
    where the app had been used.

    In addition, they said, they could reveal a unique code that had been
    assigned to each device.

    [Image: Cellmate user map. Copyright Pen Test Partners. Caption: A sample
    of the co-ordinates revealed by Cellmate's servers showed the device has
    been used worldwide.]

    These could be used to make the server ignore app requests to unlock any
    of the identified chastity toys, they added, leaving wearers locked in.

    Mr Lomas' team flagged the issue to Qiui in May, after which it updated
    its app as well as the server-based application programming interface
    (API) involved.

    But it still left an earlier version of the API online, meaning those
    who had not downloaded the latest version of the app theoretically
    remained at risk.

    Pen Test Partners sent follow-up emails urging this to be addressed and involved the news site Techcrunch to help press for action.

    Techcrunch said Qiui's chief executive subsequently told it he had tried
    to tackle the issue but added: "When we fix it, it creates more problems."

    Five months on from first getting in touch, the UK security team decided
    to go public.

    "Given the trivial nature of finding some of these issues and that Qiui
    is working on another internal device, we felt compelled to publish," Mr
    Lomas said.

    Pen Test Partners acknowledged that in doing so, however, it made a
    real-world attack more likely.

    The BBC has asked Qiui to comment.

    Techcrunch reported there was no evidence that the hack had been
    exploited by anyone to cause harm.

    But it noted that one online reviewer who appeared to have got locked in
    due to an unrelated bug posted that he had been left with "a bad scar
    that took nearly a month of recovery".


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Brian G@21:1/5 to a425couple@hotmail.com on Sat Oct 17 11:30:07 2020
    XPost: soc.subculture.bondage-bdsm, alt.sex.stories.d

    Yes read this, though do not really understand how the device is supposed
    to work while giving access to normal bodily functions. It is interesting
    also to note that some years ago an episode of CSI Cyber did highlight the
    use of sex toys not only to get info about people for blackmail purposes,
    but as a vector to do other things. Of course it was stretched out so it
    had a murder and a demented person who saw all the hacked into people as
    his family and started trying to avenge the murder himself.

    Brian

    --

    -----
    Mildew_spores@blueyonder.co.uk is the alter ego of
    Brian G.
    Anything goes here.
    Ambiguous statement intended.