‘Smart’ male chastity device vulnerable to locking by hackers: researchers

A security flaw in an internet-connected male chastity device could allow hackers to remotely lock it — leaving users trapped, researchers have warned.

The Cellmate, produced by Chinese firm Qiui, is a cover that clamps on the base of the male genitals with a hardened steel ring, and does not have a physical key or manual override.

The locking mechanism is controlled with a smartphone app via Bluetooth — marketed as both an anti-cheating and a submission sex play device — but security researchers have found multiple flaws that leave it vulnerable to hacking.

“We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device. There is no physical unlock,” British security firm Pen Test Partners said Tuesday.

“An angle grinder or other suitable heavy tool would be required to cut the wearer free.”

The firm also found other security flaws in the Cellmate — listed for $189 on Qiui’s website — that could expose sensitive user information such as names, phone numbers, birthdays and location data.

“It wouldn’t take an attacker more than a couple of days to exfiltrate the entire user database and use it for blackmail or phishing,” PTP’s Alex Lomas wrote in their report on the device.

“A number of countries have oppressive laws that may expose users of these types of devices to unwarranted interest from law enforcement and bigots.”

Qiui did not immediately respond to AFP’s request for comment.

PTP said it reached out to Qiui in April this year, identifying the flaws.

Qiui fixed most of the issues by updating the software, but left the older version active and its users still vulnerable, PTP added, saying other researchers had found similar issues.

Such smart sex toys and devices are among the wave of new

U.S. state, local election computer networks still vulnerable to hacks

WASHINGTON — In a little-noticed episode in 2016, an unusual number of voters in Riverside, California, complained that they were turned away at the polls during the primary because their voter registration information had been changed.



a group of people in a room


© Provided by NBC News


The Riverside County district attorney, Mike Hestrin, investigated and determined that the voter records of dozens of people had been tampered with by hackers. Hestrin said this week that federal officials confirmed his suspicions in a private conversation, saying the details were classified.

Last year, a cybersecurity company found a software flaw in Riverside County’s voter registration lookup system, which it believes could have been the source of the breach. The cybersecurity company, RiskIQ, said it was similar to the vulnerability that appears to have allowed hackers — Russian military hackers, U.S. officials have told NBC News — to breach the voter rolls in two Florida counties in 2016.

RiskIQ analysts said they assess that a vulnerability may still exist in Riverside and elsewhere. The only way to know for sure would be to attempt a hack, something they are not authorized to do. The office of the Riverside County Registrar of Voters did not respond to requests for comment.

“I’m very concerned,” Hestrin said. “I think that our current system has numerous vulnerabilities.”

Officials of the FBI and the Department of Homeland Security have said repeatedly that they have not observed a significant effort by Russian state actors to target election infrastructure this year, and Homeland Security’s top cybersecurity official said this will be the “most protected, most secure” election in American history.

FBI director: Russia trying ‘primarily to denigrate’ Biden in election interference

UP NEXT

UP NEXT

Despite government efforts, however, America’s patchwork of state and county election computer networks remains vulnerable to cyberattacks that

U.S. patchwork of state, county election computer networks still vulnerable to cyberattacks

WASHINGTON — In a little-noticed episode in 2016, an unusual number of voters in Riverside, California, complained that they were turned away at the polls during the primary because their voter registration information had been changed.

The Riverside County district attorney, Mike Hestrin, investigated and determined that the voter records of dozens of people had been tampered with by hackers. Hestrin said this week that federal officials confirmed his suspicions in a private conversation, saying the details were classified.

Last year, a cybersecurity company found a software flaw in Riverside County’s voter registration lookup system, which it believes could have been the source of the breach. The cybersecurity company, RiskIQ, said it was similar to the vulnerability that appears to have allowed hackers — Russian military hackers, U.S. officials have told NBC News — to breach the voter rolls in two Florida counties in 2016.

RiskIQ analysts said they assess that a vulnerability may still exist in Riverside and elsewhere. The only way to know for sure would be to attempt a hack, something they are not authorized to do. The office of the Riverside County Registrar of Voters did not respond to requests for comment.

“I’m very concerned,” Hestrin said. “I think that our current system has numerous vulnerabilities.”

Officials of the FBI and the Department of Homeland Security have said repeatedly that they have not observed a significant effort by Russian state actors to target election infrastructure this year, and Homeland Security’s top cybersecurity official said this will be the “most protected, most secure” election in American history.

Despite government efforts, however, America’s patchwork of state and county election computer networks remains vulnerable to cyberattacks that could cause chaos on Election Day and undermine confidence in a balloting process that is already under significant strain, election security experts