Internet-Connected Chastity Cages Hit By Bitcoin Ransom Hack

from the the-future-is-not-what-we-were-promised dept

If you hadn't noticed yet, the internet of things is a security and privacy shit show. Millions of poorly secured internet-connected devices are now being sold annually, introducing massive new attack vectors and vulnerabilities into home and business networks nationwide. Thanks to IOT companies and evangelists that prioritize gee-whizzery and profits over privacy and security, your refrigerator can now leak your gmail credentials, your kids' Barbie doll can now be used as a surveillance tool, and your "smart" tea kettle can now open your wireless network to attack.

So of course this kind of security and privacy apathy has extended to more creative uses of internet-connected devices. Case in point: last October, security researchers found that the makers of an IOT chastity cage -- a device used to prevent men from being able to have sex -- (this Amazon link has the details) had left an API exposed, giving hackers the ability to take remote control of the devices. And guess what: that's exactly what wound up happening. One victim and device user say he was contacted by a hacker who stated he wouldn't be able to free his genitals from the device unless he ponied up a bitcoin ransom.

Luckily his genitals weren't in the device at the time, though it's not clear other users were as lucky:

"A victim who asked to be identified only as Robert said that he received a message from a hacker demanding a payment of 0.02 Bitcoin (around $750 today) to unlock the device. He realized his cage was definitely "locked," and he "could not gain access to it." "Fortunately I didn’t have this locked on myself while this happened," Robert said in an online chat."

Given the often nonexistent security on internet of things devices, such problems aren't particularly uncommon in devices like not-so-smart thermostats. It's also a major problem in many hospitals where big medical conglomerates haven't been willing to pony up the money necessary to keep lifesaving technology private and secure. That said, "I had to pay some kid in the Ukraine $750 so I could access my own genitals" is a new wrinkle many hadn't seen coming.

It's just yet another reminder that you shouldn't connect everything to the internet just because you can. And you shouldn't endeavor to engage in such innovation unless you're willing to spend the money and take the time to ensure you're adhering to basic security and privacy standards. Whether a heart monitor or a sex toy, most companies still aren't after ten years of headlines like this. And despite some promising headway being made in policy, our response to the security dumpster fire that is the IOT remains a pretty hot, discordant mess.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bitcoin, chastity cage, hack, iot, ransomware, security


Reader Comments

Subscribe: RSS

View by: Thread


  • icon
    Ehud Gavron (profile), 12 Jan 2021 @ 12:47am

    Larry Niven said it best

    If an idiot wants to lock his genitals up so anyone on the Internet can say "Narp, not unlocking you" that's just evolution in action.

    Ehud
    P.S. That's from Oath of Fealty, Larry Niven and Jerry Pournelle, 1981, to give credit where credit is certainly due.

    reply to this | link to this | view in chronology ]

  • icon
    PaulT (profile), 12 Jan 2021 @ 6:41am

    Well, you learn something new every day. Not the inevitable danger of such a device, but its existence...

    Bonus points for "VICE" being the source link.

    reply to this | link to this | view in chronology ]

  • icon
    DannyB (profile), 12 Jan 2021 @ 6:50am

    Another problem with chastity cages . . .

    Vendor Lock In

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jan 2021 @ 7:24am

    Finally something the lockpicking lawyer refuses to open.

    reply to this | link to this | view in chronology ]

  • identicon
    Pixelation, 12 Jan 2021 @ 7:38am

    And the doctor says..."Hold still while I cut this off of you".

    reply to this | link to this | view in chronology ]

  • icon
    Stephen T. Stone (profile), 12 Jan 2021 @ 8:09am

    Damn, talk about getting cockblocked…

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 12 Jan 2021 @ 9:01am

    Why does it seem so many of humanities problems start with a guy going... I know I'll stick my dick in it...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jan 2021 @ 9:32am

    It's a security fetish thing.

    Come on, guys. We've already done the jokes about the internet chastity cage back in october. (Link provided in case you don't think this thread is big enough.)

    The only difference now is that the cage is bitcoin-operated.

    reply to this | link to this | view in chronology ]

  • identicon
    Rocky, 12 Jan 2021 @ 9:32am

    There should be stiff penalties for this type of behavior!

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 12 Jan 2021 @ 11:12am

    Fun things.

    How about the thought,
    BASIC SECURITY so even an idiot can open it, incase of emergency?
    If it really only has Bluetooth 4 digit Numbers, WHO cares if it gets locked.
    The weakest/strongest security feature is only there and SAFE, if someone changes it. Just cause a series of products all have ADMIN and PASSWORD as the name and password. is only Safer IF you change it.(and not forget it)(not reset the device to un-configured).

    Whats the most interesting thing about all of it, is How many of these devices can loose Power and reset to its failsafe. Admin/password.
    Is this good/bad? Considering My customers tend to forget them anyway.
    Dont mind the ones that Do have a builtin Switch to reset them, Until someone figures they can tap it then remote access the whole system.

    In allot of this, How secure do you want some of these devices? Probably depends on the Use made of it. And that Barbie, SHOULD not be able to direct connect to the net.
    The Fridge? Should just make a Call. It would be better if you had to press a button and it would THEN connect and order things Or print out your grocery list.
    Anyone know the story of a car owner, found someone in Australia with the same car, and gained remote access to it, with the Vehicle ID(Vin #). who knew it was that easy?
    https://i0.wp.com/tap.fremontmotors.com/wp-content/uploads/2018/08/vin-decode.jpg?resize=500%2 C250&is-pending-load=1#038;ssl=1

    reply to this | link to this | view in chronology ]

    • icon
      Scary Devil Monastery (profile), 13 Jan 2021 @ 2:21am

      Re: Fun things.

      "BASIC SECURITY so even an idiot can open it, incase of emergency?"

      Given my own experience in IT...I think it's a safe assumption to make that most of the users ill be bigger idiots than the hackers, by far.

      Yeah, you can dumb the security down until the average user will be able to work their way through the 4-digit pin. That just leaves us with the neighborhood kids being able to repetitively force the users to spend hours of brute-forcing the pin or unlock the damn thing with a pair of bolt cutters.

      If the solution only inconveniences the user and encourages the trolls you're probably better off making the lock physical and taking the risk of your future sex life disappearing down a storm drain along with the key...

      reply to this | link to this | view in chronology ]

  • icon
    Dan (profile), 12 Jan 2021 @ 12:39pm

    Can vs. should

    You can apply technology to almost anything. If you should, is a bigger question.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jan 2021 @ 1:05pm

    Seriously though, what are they made of, titanium? How much trouble would they be to get off if necessary, really?

    Let's see... $750.00, or however much this thing cost? Tough choice, i know. Sunk costs and all.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Jan 2021 @ 2:40pm

      Re:

      Lets see, I have this grinder, or maybe a hammer and chisel will do,....

      reply to this | link to this | view in chronology ]

    • icon
      bhull242 (profile), 12 Jan 2021 @ 7:03pm

      Re:

      To be fair, I’d be nervous about using force to remove anything right by my genitals.

      reply to this | link to this | view in chronology ]

      • icon
        Scary Devil Monastery (profile), 13 Jan 2021 @ 2:24am

        Re: Re:

        "To be fair, I’d be nervous about using force to remove anything right by my genitals."

        The darwin awards homepage is full of examples of people who would cheerfully use a welding torch or explosives to rid themselves of the temporary inconvenience, let alone hammer and chisel. I guess it only shows that some people will always be left stumped by technology.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 13 Jan 2021 @ 3:18pm

        Re: Re:

        bolt cutters, hacksaws, wiresaws are things. i'm sure i could think of more if necessary. then there's simply defeating the electronics. vibratory tools might get you a twofer.

        but sure some emergency doctor or whatever action might compete with the $750.00 price tag.

        reply to this | link to this | view in chronology ]

        • icon
          Scary Devil Monastery (profile), 14 Jan 2021 @ 8:23am

          Re: Re: Re:

          "but sure some emergency doctor or whatever action might compete with the $750.00 price tag."

          Depends on whether the victim's kinks included shame play in which case it's a win all around? Judge not, and all that.

          You'd think that my early years as a DBA would have inured me to human stupidity, and yet the idea that there are people out there willing to strap, to their genitals, remotely operated and badly secured machinery, still shocks me.

          reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Jan 2021 @ 8:03pm

      Re:

      How much trouble would they be to get off if necessary, really?

      Would you want someone using a cutting tool near your genitals, on a device with a lithium battery? The report linked from one of the articles shows how to safely remove it, by accessing the motor wires and directly applying power:
      https://www.pentestpartners.com/security-blog/smart-male-chastity-lock-cock-up/?=october-5-20 20

      The BBC also has a picture: https://www.bbc.com/news/technology-54436575

      You can't make this stuff up. Why would you? That would be a waste of everyone's time.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jan 2021 @ 5:31pm

    Hacking needs to be treated as if it were terrorism.

    reply to this | link to this | view in chronology ]

    • icon
      ECA (profile), 13 Jan 2021 @ 1:44pm

      Re:

      really?
      So no matter how weak or Stupid the maker is to use it..
      That it interconnects Direct to your router and MAYBE an internet site. Or just the kids BT connection on their PHONE, and they hack it.
      Who is responsible?
      The kids for a 4 digit code?
      You for not changing the BASIC name/password
      The company that Made all the codes the same, and Probably not changeable.
      OR that the ITEM is broadcasting itself to everyone in 300 feet? And not being SILENT, so that no one Knows you are wearing one. And that you have to have the MAC address to connect to it.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Jan 2021 @ 3:49am

    It's a feature, not a bug.

    How else do you think BBCs are going to train their cock-hungry sissies if they have clit restraints that can be removed? Self-defeating. Sissies need to learn that they don't have a cock. They have a useless clit that can't cum without Daddy's help.

    reply to this | link to this | view in chronology ]

  • identicon
    Taylor, 13 Jan 2021 @ 5:26am

    As Dan Savage points out this is exactly what gets them off. This should be marketed as a feature, chastity + fin dom that is a huge market segment.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Jan 2021 @ 9:01am

    No. It's a copy-protection scheme.

    Unauthorised reproduction is prohibited.

    It says so right in the DMCA. That means it's illegal to circumvent (or even circumcise) this device.

    All hail Dear Leader!

    reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 13 Jan 2021 @ 6:43pm

    While I agree that not everything should be connected to the net and that the things that are need to have better security, all IOT devices should have a way to wipe the current settings and firmware and reset them to the factory defaults. This ability should be in ROM and therefore immune to hacking. Someone hacks your device and changes the password or corrupts the firmware? Just reset to the factory defaults. You may have to re-configure it or even do a firmware update, but it nullify any ransomware attack. What's that you say? If the firmware has been hacked, it could destroy the code that does the reset? Not if that code is in ROM. You trigger the reset, it executes the ROM code to re-flash the firmware to the default. Of course this presents a problem if the reset code has a bug that needs to be patched, which is why companies would need to make sure that it's bug-free before they shipped it. You know, the way companies used to do things before today's model of "Ship it broken, we'll patch it later."

    I would recommend that such a reset be designed so that it can only be triggered manually from the actual device itself and not remotely.

    In the case of a smart chastity device, maybe a special tool or cable could be employed to ensure that the wearer couldn't just reset it at will.

    And as for removing the Cell Mate without the code, a pair of bolt cutters to cut the ring would probably suffice. Failing that, even a fiber cutting wheel in a Dremel would probably make short work of the ring. I've used them to cut bolts. First pull the penis out the back (there is NOTHING to prevent this), then cut the ring on each side.

    reply to this | link to this | view in chronology ]

  • identicon
    Andron Silver, 12 Mar 2021 @ 6:39am

    Well, guys, as you can see the role of the bitcoin is above everything that was mention by that gentleman in 2011. Now everyone understands its power and how it influences the business. Of course, it works oppositely. I mean, such persons like Mask can influence its value and use that. But I still believe it will grow in the future. Nevertheless, I also try to invest in other cryptocurrencies that have a reasonable price now. I play with crypto on fairspin io and try to multiply my digital saving there. Well, I need to learn more about that world to earn more. At least, I know the game is honest as I can check it through blockchain.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads
.

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.