Internet-Connected Chastity Cages Hit By Bitcoin Ransom Hack
from the the-future-is-not-what-we-were-promised dept
If you hadn’t noticed yet, the internet of things is a security and privacy shit show. Millions of poorly secured internet-connected devices are now being sold annually, introducing massive new attack vectors and vulnerabilities into home and business networks nationwide. Thanks to IOT companies and evangelists that prioritize gee-whizzery and profits over privacy and security, your refrigerator can now leak your gmail credentials, your kids’ Barbie doll can now be used as a surveillance tool, and your “smart” tea kettle can now open your wireless network to attack.
So of course this kind of security and privacy apathy has extended to more creative uses of internet-connected devices. Case in point: last October, security researchers found that the makers of an IOT chastity cage — a device used to prevent men from being able to have sex — (this Amazon link has the details) had left an API exposed, giving hackers the ability to take remote control of the devices. And guess what: that’s exactly what wound up happening. One victim and device user say he was contacted by a hacker who stated he wouldn’t be able to free his genitals from the device unless he ponied up a bitcoin ransom.
Luckily his genitals weren’t in the device at the time, though it’s not clear other users were as lucky:
“A victim who asked to be identified only as Robert said that he received a message from a hacker demanding a payment of 0.02 Bitcoin (around $750 today) to unlock the device. He realized his cage was definitely “locked,” and he “could not gain access to it.” “Fortunately I didn?t have this locked on myself while this happened,” Robert said in an online chat.”
Given the often nonexistent security on internet of things devices, such problems aren’t particularly uncommon in devices like not-so-smart thermostats. It’s also a major problem in many hospitals where big medical conglomerates haven’t been willing to pony up the money necessary to keep lifesaving technology private and secure. That said, “I had to pay some kid in the Ukraine $750 so I could access my own genitals” is a new wrinkle many hadn’t seen coming.
It’s just yet another reminder that you shouldn’t connect everything to the internet just because you can. And you shouldn’t endeavor to engage in such innovation unless you’re willing to spend the money and take the time to ensure you’re adhering to basic security and privacy standards. Whether a heart monitor or a sex toy, most companies still aren’t after ten years of headlines like this. And despite some promising headway being made in policy, our response to the security dumpster fire that is the IOT remains a pretty hot, discordant mess.
Filed Under: bitcoin, chastity cage, hack, iot, ransomware, security
Comments on “Internet-Connected Chastity Cages Hit By Bitcoin Ransom Hack”
Larry Niven said it best
If an idiot wants to lock his genitals up so anyone on the Internet can say "Narp, not unlocking you" that’s just evolution in action.
Ehud
P.S. That’s from Oath of Fealty, Larry Niven and Jerry Pournelle, 1981, to give credit where credit is certainly due.
Re: Larry Niven said it best
And here I was guessing Vernor Vinge.
Well, you learn something new every day. Not the inevitable danger of such a device, but its existence…
Bonus points for "VICE" being the source link.
Another problem with chastity cages . . .
Vendor Lock In
Re: Another problem with chastity cages . . .
In this case the bigger problem is vendee lock in.
Finally something the lockpicking lawyer refuses to open.
And the doctor says…"Hold still while I cut this off of you".
Damn, talk about getting cockblocked…
Re: Re:
More like cocklocked!
Why does it seem so many of humanities problems start with a guy going… I know I’ll stick my dick in it…
It's a security fetish thing.
Come on, guys. We’ve already done the jokes about the internet chastity cage back in october. (Link provided in case you don’t think this thread is big enough.)
The only difference now is that the cage is bitcoin-operated.
There should be stiff penalties for this type of behavior!
Re: Re:
And I though stiff caused a penalty with such devices!
Fun things.
How about the thought,
BASIC SECURITY so even an idiot can open it, incase of emergency?
If it really only has Bluetooth 4 digit Numbers, WHO cares if it gets locked.
The weakest/strongest security feature is only there and SAFE, if someone changes it. Just cause a series of products all have ADMIN and PASSWORD as the name and password. is only Safer IF you change it.(and not forget it)(not reset the device to un-configured).
Whats the most interesting thing about all of it, is How many of these devices can loose Power and reset to its failsafe. Admin/password.
Is this good/bad? Considering My customers tend to forget them anyway.
Dont mind the ones that Do have a builtin Switch to reset them, Until someone figures they can tap it then remote access the whole system.
In allot of this, How secure do you want some of these devices? Probably depends on the Use made of it. And that Barbie, SHOULD not be able to direct connect to the net.
The Fridge? Should just make a Call. It would be better if you had to press a button and it would THEN connect and order things Or print out your grocery list.
Anyone know the story of a car owner, found someone in Australia with the same car, and gained remote access to it, with the Vehicle ID(Vin #). who knew it was that easy?
https://i0.wp.com/tap.fremontmotors.com/wp-content/uploads/2018/08/vin-decode.jpg?resize=500%2C250&is-pending-load=1#038;ssl=1
Re: Fun things.
"BASIC SECURITY so even an idiot can open it, incase of emergency?"
Given my own experience in IT…I think it’s a safe assumption to make that most of the users ill be bigger idiots than the hackers, by far.
Yeah, you can dumb the security down until the average user will be able to work their way through the 4-digit pin. That just leaves us with the neighborhood kids being able to repetitively force the users to spend hours of brute-forcing the pin or unlock the damn thing with a pair of bolt cutters.
If the solution only inconveniences the user and encourages the trolls you’re probably better off making the lock physical and taking the risk of your future sex life disappearing down a storm drain along with the key…
Can vs. should
You can apply technology to almost anything. If you should, is a bigger question.
Seriously though, what are they made of, titanium? How much trouble would they be to get off if necessary, really?
Let’s see… $750.00, or however much this thing cost? Tough choice, i know. Sunk costs and all.
Re: Re:
Lets see, I have this grinder, or maybe a hammer and chisel will do,….
Re: Re:
To be fair, I’d be nervous about using force to remove anything right by my genitals.
Re: Re: Re:
"To be fair, I’d be nervous about using force to remove anything right by my genitals."
The darwin awards homepage is full of examples of people who would cheerfully use a welding torch or explosives to rid themselves of the temporary inconvenience, let alone hammer and chisel. I guess it only shows that some people will always be left stumped by technology.
Re: Re: Re:
bolt cutters, hacksaws, wiresaws are things. i’m sure i could think of more if necessary. then there’s simply defeating the electronics. vibratory tools might get you a twofer.
but sure some emergency doctor or whatever action might compete with the $750.00 price tag.
Re: Re: Re: Re:
"but sure some emergency doctor or whatever action might compete with the $750.00 price tag."
Depends on whether the victim’s kinks included shame play in which case it’s a win all around? Judge not, and all that.
You’d think that my early years as a DBA would have inured me to human stupidity, and yet the idea that there are people out there willing to strap, to their genitals, remotely operated and badly secured machinery, still shocks me.
Re: Re: Re:2 Re:
"…still shocks me."
I think we just found the new functionality they’ll be adding for v2.0.
Re: Re:
Would you want someone using a cutting tool near your genitals, on a device with a lithium battery? The report linked from one of the articles shows how to safely remove it, by accessing the motor wires and directly applying power:
https://www.pentestpartners.com/security-blog/smart-male-chastity-lock-cock-up/?=october-5-2020
The BBC also has a picture: https://www.bbc.com/news/technology-54436575
You can’t make this stuff up. Why would you? That would be a waste of everyone’s time.
Hacking needs to be treated as if it were terrorism.
Re: Re:
really?
So no matter how weak or Stupid the maker is to use it..
That it interconnects Direct to your router and MAYBE an internet site. Or just the kids BT connection on their PHONE, and they hack it.
Who is responsible?
The kids for a 4 digit code?
You for not changing the BASIC name/password
The company that Made all the codes the same, and Probably not changeable.
OR that the ITEM is broadcasting itself to everyone in 300 feet? And not being SILENT, so that no one Knows you are wearing one. And that you have to have the MAC address to connect to it.
It’s a feature, not a bug.
How else do you think BBCs are going to train their cock-hungry sissies if they have clit restraints that can be removed? Self-defeating. Sissies need to learn that they don’t have a cock. They have a useless clit that can’t cum without Daddy’s help.
As Dan Savage points out this is exactly what gets them off. This should be marketed as a feature, chastity + fin dom that is a huge market segment.
No. It's a copy-protection scheme.
Unauthorised reproduction is prohibited.
It says so right in the DMCA. That means it’s illegal to circumvent (or even circumcise) this device.
All hail Dear Leader!
While I agree that not everything should be connected to the net and that the things that are need to have better security, all IOT devices should have a way to wipe the current settings and firmware and reset them to the factory defaults. This ability should be in ROM and therefore immune to hacking. Someone hacks your device and changes the password or corrupts the firmware? Just reset to the factory defaults. You may have to re-configure it or even do a firmware update, but it nullify any ransomware attack. What’s that you say? If the firmware has been hacked, it could destroy the code that does the reset? Not if that code is in ROM. You trigger the reset, it executes the ROM code to re-flash the firmware to the default. Of course this presents a problem if the reset code has a bug that needs to be patched, which is why companies would need to make sure that it’s bug-free before they shipped it. You know, the way companies used to do things before today’s model of "Ship it broken, we’ll patch it later."
I would recommend that such a reset be designed so that it can only be triggered manually from the actual device itself and not remotely.
In the case of a smart chastity device, maybe a special tool or cable could be employed to ensure that the wearer couldn’t just reset it at will.
And as for removing the Cell Mate without the code, a pair of bolt cutters to cut the ring would probably suffice. Failing that, even a fiber cutting wheel in a Dremel would probably make short work of the ring. I’ve used them to cut bolts. First pull the penis out the back (there is NOTHING to prevent this), then cut the ring on each side.
Well, guys, as you can see the role of the bitcoin is above everything that was mention by that gentleman in 2011. Now everyone understands its power and how it influences the business. Of course, it works oppositely. I mean, such persons like Mask can influence its value and use that. But I still believe it will grow in the future. Nevertheless, I also try to invest in other cryptocurrencies that have a reasonable price now. I play with crypto on fairspin io and try to multiply my digital saving there. Well, I need to learn more about that world to earn more. At least, I know the game is honest as I can check it through blockchain.