A security flaw in an internet-connected male chastity device could allow hackers to remotely lock it — leaving users trapped, researchers have warned.
The Cellmate, produced by Chinese firm Qiui, is a cover that clamps on the base of the male genitals with a hardened steel ring, and does not have a physical key or manual override.
The locking mechanism is controlled with a smartphone app via Bluetooth — marketed as both an anti-cheating and a submission sex play device — but security researchers have found multiple flaws that leave it vulnerable to hacking.
“We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device. There is no physical unlock,” British security firm Pen Test Partners said Tuesday.
“An angle grinder or other suitable heavy tool would be required to cut the wearer free.”
A flaw in a smart chastity device that puts your penis on lockdown could get your appendage imprisoned longer than you bargained for, security researchers say.
The device in question, Qiui’s Cellmate Chastity Cage, encases your favorite organ in a Bluetooth-enabled gadget that a trusted partner can lock and unlock remotely using a mobile app.
The problem, according to security researchers from UK-based Pen Test Partners, is that due to API flaws, a nontrusted party acting from anywhere could not only gain access to precise user location data, but could “prevent the Bluetooth lock from being opened, permanently locking the user in.”
“There is no physical unlock,” Pen Test Partners noted Monday in a blog post that details its months-long investigation into the device.
BERLIN, GERMANY – MARCH 01: In this photo illustration artwork found on the Internet showing Fancy Bear is seen on the computer of the photographer during a session in the plenary hall of the Bundestag, the German parliament, on March 1, 2018 in Berlin, Germany. German authorities announced yesterday that administrative computers of the German government, including those of government ministries and parliament, had been infiltrated with malware. Authorities said they suspect the Russian hacker group APT28, also known as Fancy Bear. (Photo by Sean Gallup/Getty Images)
Russia’s 2020 hacking campaigns might have included a successful data breach at the US government. In the wake of a CISA notice warning of a cyberattack on an unnamed federal agency’s network, Wired and security company Dragos have obtained evidence suggesting Russia’s state-backed APT28 group, better known as Fancy Bear, was behind the hack.
A warning that unidentified hackers broke into an agency of the US federal government and stole its data is troubling enough. But it becomes all the more disturbing when those unidentified intruders are identified—and appear likely to be part of a notorious team of cyberspies working in the service of Russia’s military intelligence agency, the GRU.
Last week the Cybersecurity and Infrastructure Security Agency published an advisory that hackers had penetrated a US federal agency. It identified neither the attackers nor the agency, but it did detail the hackers’ methods and their use of a new and unique form of malware in an operation that successfully stole target data. Now, clues uncovered by a researcher at cybersecurity firm Dragos and an FBI notification to hacking victims obtained by WIRED in July suggest a likely answer to the mystery of who was behind the intrusion: They
The popular LGBT+ hook-up app Grindr has fixed a glaring security flaw that allowed hackers to take over any account if they knew the user’s registered email address, TechCrunch reports.
Wassime Bouimadaghene, a French security researcher, originally uncovered the vulnerability in September. But after he shared his discovery with Grindr and was met with radio silence, he decided to team up with Australian security expert Troy Hunt, a regional director at Microsoft and the creator of the world’s largest database of stolen usernames and passwords, Have I Been Pwned?, to draw attention to an issue that put Grindr’s more than 3 million daily active users at risk.
Hunt shared these findings with the outlet and on his website Friday, explaining that the problem stemmed from Grindr’s process for letting users reset their passwords. Like many social media sites,
Hackers have launched a sprawling, multifaceted cyber-attack against the state of Washington, according to two people familiar with the matter.
The attack infested many of the state’s agencies with sophisticated malware, including one type known as Trickbot, according to the two people, who requested anonymity because they aren’t authorized to talk to the media.
The attack has already lasted more than a week, but it has yet to significantly affect state operations even while exposing flaws in the state’s security apparatus, the people said.
The cyber-attack didn’t impact the state’s election systems. Nonetheless, coming nearly a month ahead of November’s presidential election, it highlights the potential vulnerability of state computer networks, which include election systems.
Tara Lee and Mike Faulk, both of whom are spokespersons for Governor Jay Inslee, didn’t respond to requests for comment. Secretary of State Kim Wyman’s office tweeted Thursday that
Homeland Security issued a rare warning about a Windows Server vulnerability that would give attackers complete control of every computer on a network.
The CISA warning said at the time that it assumes active exploitation is occurring in the wild, advising everyone to apply the August patch that Microsoft released.
Microsoft on Thursday noted that it has already observed attacks that incorporate the new Windows flaw.
Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued a rare emergency alert last week, over what appears to be one of the worst Windows flaws in recent history. Security researchers have identified a vulnerability so severe that it received a maximum severity score (10.0), prompting the agency to advise all governmental agencies to update their computers using Microsoft’s first patch for the issue that was launched a few weeks ago. The issue is so severe that a
Software company Check Point found a vulnerability in the Instagram app back in February, saying that one single image on the platform can give an attacker access to use a victim’s phone as a spying tool. Yahoo Finance’s Melody Hahm shares the details on The First Trade, in addition to Facebook’s response.
BRIAN SOZZI: Software company Check Point says it found a vulnerability in the Instagram app back in February. In the finding, it says through one single image on the platform, an attacker can turn a victim’s phone into a spying tool. The company says it waited until today to publish the report in order to ensure enough people updated the app.
Yahoo Finance’s Melody Hahm is here with the details. So Melody, I understand you reached out to Facebook. What’d they tell you?
MELODY HAHM: Yeah, I spoke with both Check Point and Facebook ahead
Financial services organizations consistently outspend most of their vertical sector peers in cybersecurity staff, tools and associated investments, but the cyber hits just keep coming. According to our recent report, the financial services industry received the highest number of business email compromise (BEC) attacks in 2019 and the second-most cyber incidents across all types, following the healthcare sector.
For years, financial services has led the pack in cybersecurity spending. In 2015, for example, a Homeland Security Research study concluded the U.S. financial services cybersecurity market was the largest and fastest-growing nongovernmental market in cybersecurity.
In 2019, financial services companies dedicated between 6% and 14% of their annual IT budgets to cybersecurity (an average of 10%), according to a Deloitte study. (Current recommendations are between 4% and 10%; however, most companies fall short). In light of increasing Covid-19-related threats, these institutions plan to
Frank Villani is a 53-year-old information security specialist based in New Jersey who’s worked in information technology for 24 years and IT security for 12 years.
He’s a ‘white hat’ hacker, someone who works on the inside of an organization to protect its internet systems from ‘black hat’ hackers who want to violate computer security for personal gain.
For personal security measures, Villani says you should change your passwords every 45 days, be careful using public ATMs, pay in cash or credit cards at gas stations, and avoid using public WiFi unless it asks for credentials or consent.
This is his story, as told to freelance writer Jenny Powers.
My name is Frank Villani. In a nutshell, my job is to test what those of us in the industry refer to as IOT — ‘the internet of things’ that encapsulates anything connected to