Hackers Demand Bitcoin to Unlock Hijacked Male Chastity Cages
The security risk of app-controlled BDSM devices is real.
The message was short, direct, and—considering what it referred to—terrifying: “Your c*ck is mine now.”
Unless that is, the hacker who’d taken control of the victim’s Cellmate male chastity device immediately received $750 in Bitcoin.
What’s more troubling is that Cellmate was warned about vulnerabilities in its app two years ago and that this wasn’t an isolated case.
Unless the industry takes this seriously, we may be looking at the beginning of a sex tech-specific ransomware nightmare.
‘Fortunately, I didn’t have this locked on—’
According to Smelly, the founder of the malware tracking site, vx-underground, the message above came from a screenshot taken by someone contacted by one of these illicit hackers.
Delving deeper, Motherboard found and interviewed similar victims. One, who preferred to identified only as Robert, shared his relief that he wasn’t using his Cellmate at the time:
Fortunately, I didn’t have this locked on myself while this happened.
Another, known as RJ, expressed the same:
I wasn’t the owner of the cage anymore, so I didn’t have full control over the cage at any given moment.
There’s a real possibility, however, that reports like these are just the tip of the iceberg, with considerably more Cellmate users affected or potentially held hostage. Their distress is perhaps exacerbated by guilt or shame regarding their sexuality, making them as socially trapped as they are by the ransomware demand.
Control and safety
Qiui says their China-based company “believes that a true chastity experience is one that does not allow the wearer to have any control over.”
A statement that somewhat touches on a sizably portion of chastity’s erotic allure, as in a person aroused by consensually reliquishing the control of their sexuality—somewith with and sometimes not by suitable hardware—to whoever holds the key.
Superficially, Cellmate appears well-designed with comfort for the wearer right up there with its intended purpose.
Setting it apart from other chastity rigs, however, was Qiui’s decision to jump on the Internet-of-things bandwagon by swapping out an actual, hold-in-your-hand key for Bluetooth via an Android or iOS smartphone app.
Under its hood is where things went horribly wrong.
If you’ve followed sex tech news and developments over the last few years you’re familiar with the ongoing security debate, where periodically white hat hackers publicly demonstrate how easily these kind of devices can often be breached.
So you’d think a large company like Qiui would’ve paid extra-attention to making products, like their cellmate, as secure as possible.
Warned—and now unresponsive
But this ostensibly was not been the case and may have cause unreported Cellmate users having to pay the financial and emotional price for Qiui’s oversight.
This is far from hyperbole, as Pen Test Partners, a company dedicated to identifying and calling attention to security issues, reported on Cellmate’s vulnerabilities back in October of 2019!
Qiui’s response to these ransomware attacks—as of the writing of this article—has been to not to respond to customers or reporters demanding to know what they’re doing about it.
Qiui's United States distributor has stated that a recent software upgrade should have addressed this issue. Though it’s all-but-impossible to know how effective this was, considering again how new or previous victims may not feel safe coming forward.
When smart is a dumb thing to do
There’s a bigger issue to consider, one I’m personally conflicted about, as, on one hand, I’m excited by the current wild and sexy world of sex tech—and extra at what might be coming next.
But then the other hand, developers must ensure their “smart” technology is thoroughly secure before jumping on the Internet-connected sex toy bandwagon, especially when it comes to BDSM-related devices that lock.
Not only that but if there is a breach, companies need to be held accountable and take responsibility.