Twitter’s Security Fell Short Before Hack Targeting Celebrities, Regulator Says

NEW YORK (Reuters) – Twitter Inc suffered from cybersecurity shortfalls that enabled a “simple” hack attributed to a Florida teenager to take over the accounts of several of the world’s most famous people in July, according to a report released on Wednesday.

The report by New York’s Department of Financial Services also recommended that the largest social media companies be deemed systemically important, like some banks following the 2008 financial crisis, with a dedicated regulator monitoring their ability to combat cyberattacks and election interference.

“That Twitter was vulnerable to an unsophisticated attack shows that self-regulation is not the answer,” said Linda Lacewell, the financial services superintendent.

Twitter did not immediately respond to a request for comment. It has acknowledged that some employees were duped into sharing account credentials prior to the hack.

New York Governor Andrew Cuomo ordered a probe following the July 15 hack of celebrity Twitter accounts, in an alleged scam that stole more than $118,000 in Bitcoin.

Those whose accounts were hacked included U.S. presidential candidate Joe Biden; former President Barack Obama; billionaires Jeff Bezos, Bill Gates and Elon Musk; singer Kanye West, and his wife Kim Kardashian, the reality TV star.

Lacewell said hackers obtained log-in credentials after calling several employees, pretending to work in Twitter’s information technology department, and claiming to be responding to problems with the company’s Virtual Private Network, which had become common because employees were working from home.

“The extraordinary access the hackers obtained with this simple technique underscores Twitter’s cybersecurity vulnerability and the potential for devastating consequences,” the report said.

Twitter’s lack at the time of a chief information security officer also made the San Francisco-based company more vulnerable, the report said.

Florida prosecutors said Graham Ivan Clark was the mastermind behind the hack, and charged the 17-year-old Tampa resident as

Cellmate chastity gadget hack thwarted by screwdriver trick

The maker of a male chastity toy that was vulnerable to a hack attack has suggested the device can be easily removed with a screwdriver.

Researchers found a flaw in Cellmate’s app that could have let hackers simultaneously remotely lock all the devices in use, with no manual release.

Now the Chinese firm has defended the product, saying it can be cracked open.

It added that anybody trapped in their chastity toy could also call its customer hotline to be released.

The flaw was found by security firm Pen Test Partners, which shared its findings with Guangdong-based Qiui, which makes the Cellmate toy.

As well as being able to lock devices, the researchers discovered a way to fool the server into disclosing the registered name of each device owner, among other personal details, as well as the co-ordinates of every location from where the app had been used.

The researchers shared what they had found with the company, and made their findings public when one of the underlying issues was not fixed.

Qiui has now defended its product, saying: “Wearing a traditional chastity cage – often made of steel – with a classic padlock is much riskier.”

It said the global coronavirus pandemic had delayed its software development, but said it had submitted an updated version of its software to Apple and Google’s app stores.

It rejected suggestions that users could have been trapped by the chastity device, if it had been hacked.

“Although an ‘unpermitted escape’ is not part of the rules of the game, the Cellmate has two emergency escape possibilities,” said Jake Guo, chief executive of Qiui.

As well as contacting the company’s hotline or social media team to trigger an override, it suggested wearers could also “break open the Cellmate cap” using a screwdriver.

To reveal

Cellmate: Male chastity gadget hack could lock users in

Image caption (copyright Pen Test Partners): The Cellmate has been sold via several big-name online retailers as well as niche stores

A security flaw in a hi-tech chastity belt for men made it possible for hackers to remotely lock all the devices in use simultaneously.

The internet-linked sheath has no manual override, so owners might have been faced with the prospect of having to use a grinder or bolt cutter to free themselves from its metal clamp.

The sex toy’s app has been fixed by its Chinese developer after a team of UK security professionals flagged the bug.

They have also published a workaround.

This could be useful to anyone still using the old version of the app who finds themselves locked in as a result of an attacker making use of the revelation.

Any other attempt to cut through the device’s plastic body poses a risk of harm.

Image caption (copyright Pen Test Partners): The workaround involves prising open the circuit board and pressing batteries against two of the wires to trigger a motor

Pen Test Partners (PTP) – the Buckingham-based cyber-security firm involved – has a reputation for bringing quirky discoveries to light, including problems with other sex toys in the past.

It says the latest discovery indicates that the makers of “smart” adult-themed products still have lessons to learn.

“The problem is that manufacturers of these other toys sometimes rush their products to market,” commented Alex Lomas, a researcher at the firm.

“Most times the problem is a disclosure of sensitive personal data, but in this case, you can get physically locked in.”

Lock and clamp

Qiui’s Cellmate Chastity Cage is sold online for about $190 (£145) and is marketed as a way for owners to give a partner control over access to their body.

Pen Test Partners believe about 40,000 devices have been sold, based on the number of IDs that have been granted by the device’s Guangdong-based creator.

The cage wirelessly connects to a smartphone via a Bluetooth signal, which is used to trigger the device’s lock-and-clamp mechanism.

But to achieve this, the