More and more items out there seem to be connected to the Internet for unnecessary reasons, which is mostly fine.
If you want a ladle that measures how much soup you eat a day and then sends the data to Jeff Bezos, that’s your business. We all have to make our peace with the data mining privacy gods.
BUT! Be careful. Not everyone putting a Bluetooth option into the gizmos they’re selling knows what they’re doing.
That means many of them are vulnerable to hacks, which a group of people using the Cellmate Chastity Cage realized too late.
A chastity cage is a sex toy often used in the BDSM community that basically wraps around your junk and either locks off access or prevents erections. People use them differently, but most often it’s about giving control over to someone else.
Just the same, most users probably didn’t want to sign that control away to an anonymous hacker. Vice reports that a number of users had their belts taken over by someone who messaged them, “Your c–k is mine now.”
In better circumstances, that might have been a turn on, but this hacker wanted $750 to unlock the device. One man, going by “Robert,” said, “Fortunately I didn’t have this locked on myself while this happened.”
People are baffled about why this loophole exists:
Like I don’t even get the point of having a smart cage.
Just to have Bluetooth capability on a lock?
Now you gotta go to the ER with a jailed penis.
— Carpe DM (@booo_rad) January 12, 2021
Well this got a lot of reactions…
One thing I'd like to point out is that it's fine to make jokes and everything, especially in bleak times like these. But please remember that these men are victims, and as someone said this is almost like remote sexual harassment.
— Lorenzo Franceschi-Bicchierai (he/him) (@lorenzofb) January 12, 2021
Actually, people were warned about the flaw by Pentest Partners, who do security research on just this kind of thing. The BBC reports that PP urged the company who builds cellmate, Chinese company Qiui, to fix the issue. Their chief executive told them that “when we fix it, it creates more problems.”
Five months later, PP went public with the information, which also probably is what attracted hackers to it. That was in October of 2020, and here we are. It seems as though everyone has been released via technical support, but the incident shows just how vulnerable we can be. And not in a hot way.