Internet-Connected Chastity Cages Hit By Bitcoin Ransom Hack

from the the-future-is-not-what-we-were-promised dept

If you hadn’t noticed yet, the internet of things is a security and privacy shit show. Millions of poorly secured internet-connected devices are now being sold annually, introducing massive new attack vectors and vulnerabilities into home and business networks nationwide. Thanks to IOT companies and evangelists that prioritize gee-whizzery and profits over privacy and security, your refrigerator can now leak your gmail credentials, your kids’ Barbie doll can now be used as a surveillance tool, and your “smart” tea kettle can now open your wireless network to attack.

So of course this kind of security and privacy apathy has extended to more creative uses of internet-connected devices. Case in point: last October, security researchers found that the makers of an IOT chastity cage — a device used to prevent men from being able to have sex — (this Amazon link has the details) had left an API exposed, giving hackers the ability to take remote control of the devices. And guess what: that’s exactly what wound up happening. One victim and device user say he was contacted by a hacker who stated he wouldn’t be able to free his genitals from the device unless he ponied up a bitcoin ransom.

Luckily his genitals weren’t in the device at the time, though it’s not clear other users were as lucky:

“A victim who asked to be identified only as Robert said that he received a message from a hacker demanding a payment of 0.02 Bitcoin (around $750 today) to unlock the device. He realized his cage was definitely “locked,” and he “could not gain access to it.”
“Fortunately I didn?t have this locked on myself while this happened,” Robert said in an online chat.”

Given the often nonexistent security on internet of things devices, such problems aren’t particularly uncommon in devices like not-so-smart thermostats. It’s also a major problem in many hospitals where big medical conglomerates haven’t been willing to pony up the money necessary to keep lifesaving technology private and secure. That said, “I had to pay some kid in the Ukraine $750 so I could access my own genitals” is a new wrinkle many hadn’t seen coming.

It’s just yet another reminder that you shouldn’t connect everything to the internet just because you can. And you shouldn’t endeavor to engage in such innovation unless you’re willing to spend the money and take the time to ensure you’re adhering to basic security and privacy standards. Whether a heart monitor or a sex toy, most companies still aren’t after ten years of headlines like this. And despite some promising headway being made in policy, our response to the security dumpster fire that is the IOT remains a pretty hot, discordant mess.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Internet-Connected Chastity Cages Hit By Bitcoin Ransom Hack”

Subscribe: RSS Leave a comment
31 Comments
ECAsays:

Fun things.

How about the thought,
BASIC SECURITY so even an idiot can open it, incase of emergency?
If it really only has Bluetooth 4 digit Numbers, WHO cares if it gets locked.
The weakest/strongest security feature is only there and SAFE, if someone changes it. Just cause a series of products all have ADMIN and PASSWORD as the name and password. is only Safer IF you change it.(and not forget it)(not reset the device to un-configured).

Whats the most interesting thing about all of it, is How many of these devices can loose Power and reset to its failsafe. Admin/password.
Is this good/bad? Considering My customers tend to forget them anyway.
Dont mind the ones that Do have a builtin Switch to reset them, Until someone figures they can tap it then remote access the whole system.

In allot of this, How secure do you want some of these devices? Probably depends on the Use made of it. And that Barbie, SHOULD not be able to direct connect to the net.
The Fridge? Should just make a Call. It would be better if you had to press a button and it would THEN connect and order things Or print out your grocery list.
Anyone know the story of a car owner, found someone in Australia with the same car, and gained remote access to it, with the Vehicle ID(Vin #). who knew it was that easy?
https://i0.wp.com/tap.fremontmotors.com/wp-content/uploads/2018/08/vin-decode.jpg?resize=500%2C250&is-pending-load=1#038;ssl=1

Scary Devil Monasterysays:

Re: Fun things.

"BASIC SECURITY so even an idiot can open it, incase of emergency?"

Given my own experience in IT…I think it’s a safe assumption to make that most of the users ill be bigger idiots than the hackers, by far.

Yeah, you can dumb the security down until the average user will be able to work their way through the 4-digit pin. That just leaves us with the neighborhood kids being able to repetitively force the users to spend hours of brute-forcing the pin or unlock the damn thing with a pair of bolt cutters.

If the solution only inconveniences the user and encourages the trolls you’re probably better off making the lock physical and taking the risk of your future sex life disappearing down a storm drain along with the key…

Scary Devil Monasterysays:

Re: Re:

"To be fair, I?d be nervous about using force to remove anything right by my genitals."

The darwin awards homepage is full of examples of people who would cheerfully use a welding torch or explosives to rid themselves of the temporary inconvenience, let alone hammer and chisel. I guess it only shows that some people will always be left stumped by technology.

Scary Devil Monasterysays:

Re: Re: Re:

"but sure some emergency doctor or whatever action might compete with the $750.00 price tag."

Depends on whether the victim’s kinks included shame play in which case it’s a win all around? Judge not, and all that.

You’d think that my early years as a DBA would have inured me to human stupidity, and yet the idea that there are people out there willing to strap, to their genitals, remotely operated and badly secured machinery, still shocks me.

Anonymoussays:

Re:

How much trouble would they be to get off if necessary, really?

Would you want someone using a cutting tool near your genitals, on a device with a lithium battery? The report linked from one of the articles shows how to safely remove it, by accessing the motor wires and directly applying power:
https://www.pentestpartners.com/security-blog/smart-male-chastity-lock-cock-up/?=october-5-2020

The BBC also has a picture: https://www.bbc.com/news/technology-54436575

You can’t make this stuff up. Why would you? That would be a waste of everyone’s time.

ECAsays:

Re:

really?
So no matter how weak or Stupid the maker is to use it..
That it interconnects Direct to your router and MAYBE an internet site. Or just the kids BT connection on their PHONE, and they hack it.
Who is responsible?
The kids for a 4 digit code?
You for not changing the BASIC name/password
The company that Made all the codes the same, and Probably not changeable.
OR that the ITEM is broadcasting itself to everyone in 300 feet? And not being SILENT, so that no one Knows you are wearing one. And that you have to have the MAC address to connect to it.

Rekrulsays:

While I agree that not everything should be connected to the net and that the things that are need to have better security, all IOT devices should have a way to wipe the current settings and firmware and reset them to the factory defaults. This ability should be in ROM and therefore immune to hacking. Someone hacks your device and changes the password or corrupts the firmware? Just reset to the factory defaults. You may have to re-configure it or even do a firmware update, but it nullify any ransomware attack. What’s that you say? If the firmware has been hacked, it could destroy the code that does the reset? Not if that code is in ROM. You trigger the reset, it executes the ROM code to re-flash the firmware to the default. Of course this presents a problem if the reset code has a bug that needs to be patched, which is why companies would need to make sure that it’s bug-free before they shipped it. You know, the way companies used to do things before today’s model of "Ship it broken, we’ll patch it later."

I would recommend that such a reset be designed so that it can only be triggered manually from the actual device itself and not remotely.

In the case of a smart chastity device, maybe a special tool or cable could be employed to ensure that the wearer couldn’t just reset it at will.

And as for removing the Cell Mate without the code, a pair of bolt cutters to cut the ring would probably suffice. Failing that, even a fiber cutting wheel in a Dremel would probably make short work of the ring. I’ve used them to cut bolts. First pull the penis out the back (there is NOTHING to prevent this), then cut the ring on each side.

Andron Silversays:

Well, guys, as you can see the role of the bitcoin is above everything that was mention by that gentleman in 2011. Now everyone understands its power and how it influences the business. Of course, it works oppositely. I mean, such persons like Mask can influence its value and use that. But I still believe it will grow in the future. Nevertheless, I also try to invest in other cryptocurrencies that have a reasonable price now. I play with crypto on fairspin io and try to multiply my digital saving there. Well, I need to learn more about that world to earn more. At least, I know the game is honest as I can check it through blockchain.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it