Unsecured Bluetooth Penis-Chastity Lock Toy: Bad Idea
Look, folks. Sometimes “just because we can” is not a good enough reason to hook your sex toys to the internet. Sometimes, the old analog ways of doing things are better. Especially if what you’re doing is locking up your penis:
But wait! Wouldn’t if be fun if we didn’t need a key? We could Bluetooth it! And have an app! And then my virtual keyholder could lock or unlock the cock from anywhere in the world! What could possibly go wrong?
What could go wrong, you ask? Here’s your answer: The Qiui internet-connected penis chastity lock. Zack Whittaker at Tech Crunch has the story: Security flaw left ‘smart’ chastity sex toy users at risk of permanent lock-in
This could have been bad.
U.K.-based security firm Pen Test Partners said the flaw in the Qiui Cellmate internet-connected chastity lock, billed as the “world’s first app controlled chastity device,” could have allowed anyone to remotely and permanently lock in the user’s penis.
The Cellmate chastity lock works by allowing a trusted partner to remotely lock and unlock the chamber over Bluetooth using a mobile app. That app communicates with the lock using an API. But that API was left open and without a password, allowing anyone to take complete control of any user’s device.
Because the chamber was designed to lock with a metal ring underneath the user’s penis, the researchers said it may require the intervention of a heavy-duty bolt cutter or an angle grinder to free the user.
I’m no expert on penis cages or lockable male chastity devises, but I gather some users enjoy having other parties in control of when and how they can free their dick long enough to have a satisfying sexual experience.
You might trust your lover with the keys to that experience. But once you connect your cock lock to the internet, suddenly there’s a third party in your triangle of lust and frustration: A basement crew of unresponsive Chinese developers, along with everybody in the world smart enough to hack their weak-ass software. How’s that going to end? Not well!
Qiui chief executive Jake Guo told TechCrunch that a fix would arrive in August, but that deadline came and went. “We are a basement team,” he said…
It’s not known if anyone maliciously exploited the vulnerable API. Several user reviews of the app complained that the app had bugs that would cause the device to stay locked.
Image credits, top to bottom: Kami Tora, Froaden, KD Pierre.
Similar Sex Blogging:
Shorter URL for sharing: https://www.erosblog.com/?p=25747
Bad as this is, the linked article tries to make this seem even worse: The devices fail safe, meaning that once the battery runs out it opens…. after 8-12 months :-|
I missed that detail! But if it’s true, all that talk of bolt cutters and angle grinders is nonsense. Some precision drilling with a tiny drill into the battery compartment (with a titanium spatula slipped between the unit and your “unit” to protect against drilling errors) followed by a warm bath in salt water would be enough to short out the battery and pop everything open.
[…] you think the craziest thing about the whole insecure Cellmate dick-chastity device story was the idea, not of locking up your junk, but of entrusting the safety of your locked-up junkg to […]
This problem is way overhyped.
1: they issued a fix for this months ago; get the latest version of the app and you should be fine
2: even if someone locks you the wearer always has the option to use the small red padlock icon to ‘safeword’ past any restriction – it is reported to the keyholder but there is nothing they can do to stop you from using it.
3: you can contact quiu support and have them release you/return control to your app. – their support is in china and it may take a few days
4: even if you are locked and do not have the device registered to your cell phone (as wearer) you can still (rather easily) jimmy the locking pin by inserting a small sewing needle (or a thin ‘slim jim’ style piece of metal along the edge of the locking pin – the “lock” is just a spring actuated cam that can easily be pushed on by a small needle allowing the locking pin to be released.
5: if that (for whatever reason) doesn’t work for you then you can get to the locking circuit inside the cage by prying open the vinyl pad that surrounds the button on the front of the cage (a jewelers screwdriver works well) – then you can see access 2 small set screws that can be removed to expose the terminals, the bluetooth and lock actuator (this does break the water resistant seal making it more likely to damage when exposed to water so I would suggest trying the prior method first).
6: if that method still does not work you can use bolt cutters to cut the metal ring that surrounds the testicles – that ring (the factory version) is a zinc alloy and not that difficult to cut. – there are 3d printed replacements available online for cheaper than what the manufacturer charges for a replacement – note that they come in a wider range of sizes.
Note: if you have a battery failure/circuit failure while this is locked in place the cage may no longer respond to the app while it is locked in place – these exact same steps above can be used as a backup plan in case of device failure. Ultimately this is just a toy; some people can worm their way out of the cage with a bit of effort (not all but it is certainly possible for some people). The app itself is a frustrating/non-intuitive mess but it does work;
also the well publicized “your cock belongs to me” story from a few months ago was a hoax by a comedian. there WAS a vulnerability and it is possible to give away control to your cage intentionally and then regret it (not hacking, but there are findoms out there (and others) that will play games to exploit you so stick to SSC (as you should in ALL bdsm activities)