Qiui Cellmate Male Chastity Device Bug Allowed Attacker to Lock It Forever

Security researchers found a bug in the application controlling the Qiui Cellmate chastity device for men. If successful, an attacker could lock the device forever, leaving the device’s owner or the app with no way of removing it, short of destroying the device.

The Internet of Things (IoT) ecosystem demonstrates once more that it can cover even the most obscure market niches. The fact that a company thought of, designed, marketed, and eventually sold a chastity device for men, controllable with a smartphone, shouldn’t surprise anyone anymore.

The idea behind the device is straightforward. Partners can lock their loved one’s device, ensuring they remain faithful. Bringing these ancient concepts into the digital world doesn’t come without risk, and getting stuck with an IoT chastity device certainly falls into that category.

Security researchers from Pen Test Partners discovered a bug in the API that controls the communication between the device and the smartphone. Because the API isn’t secure, basically anyone with the right tools can take over the device and lock it.

“We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device,” said security researchers.

“There is no physical unlock. The tube is locked onto a ring worn around the base of the genitals, making things inaccessible. An angle grinder or other suitable heavy tool would be required to cut the wearer free,” they continued.

The researchers discovered that unlocking the mechanism is not all that easy. The simplest method was to pry open the case and directly connect a three-volt battery to the locking motor, forcing it to open. Making matters worse, the Qiui Cellmate developers issued a fix that only works for people who download the app update. Also, the application leaked messages, passwords and the geographical location of the user.