An attacker allegedly seized control of the internet-connected, genital-trapping devices and stipulated payment in crypto.
There has been a surge of internet-connected smart devices that offered professed upgrades than the average, “dumb” versions of products, and it consists of features like remote access and control. But there is a device that one might want to reconsider attaching to one’s body, and there is a Bitcoin twist.
An app-controlled chastity cage product named Cellmate – which locks the wearer’s schlong in a polycarbonate shell – has been hacked, with the attacker controlling all the devices and demanding a ransom in Bitcoin from attacked users.
The attacker allegedly locked the cages of several victims and forced a ransom of 0.02 Bitcoin (around $650 as of now) each to free them from their respective cage.
“Your cock is mine now,”
Ransomware attackers typically preferred cryptocurrency because of its difficulty in tracking transactions. Bitcoin is a popular coin with such demands, as seen in many high-profile ransomware attacks, although privacy-centric coins like Monero are also common.
The news came after an October report about a security flaw in the Cellmate API, which UK security firm Pen Test Partners stated could leave attacked users trapped permanently.
“We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device,” the firm stated. “There is no physical unlock. The tube is locked onto a ring worn around the base of the genitals, making things inaccessible. An angle grinder or other suitable heavy tool would be required to cut the wearer free.”
The Chinese manufacturer of Cellmate, Qiui, purportedly stopped responding to Pen Test Partners after six months of communication about the issues from Pen Test and other security researchers and journalists. With the latest word about attackers targeting Cellmate users, it seems that the API flaw hasn’t been addressed until now.
“Almost every company and product is going to have some kind of vulnerability in its lifetime. Maybe not as bad as this one, but something,” Pen Test Partners security researcher Alex Lomas said. “It’s important that all companies have a way for researchers to contact them, and that they keep in touch with them.”
No Comment