Security flaw in smart chastity sex toy leaves thousands of users vulnerable to permanent lock

With the increasing progress in the world of the Internet, more and more devices are connecting to it. Internet of things as it is called and now there are smart sex toys that also connect to the internet via Wi-Fi or via apps. You can easily get an internet-enabled sex toy today, but maybe you should keep at bay as it may be a long way off the internet. Researchers have discovered a new vulnerability in a popular sex toy made by Qiui that can leave users awkwardly vulnerable.

According to a report by TechCrunch, security researchers from UK-based Pen Test Partners have discovered a flaw in Qiui Cellmate’s internet-connected male chastity lock. This device is popular as the “world’s first app controlled chastity device”. This means that unlike conventional chastity lock, the app is used to control the user’s appendix lock. It uses Bluetooth (BLE) to enable blocking and clamping when controlled by an app that uses an API. Researchers claimed that this API has multiple security holes, making it prone to hacks.

The API used by the Qiui app is not password protected, allowing anyone to take control of the chastity lock. The lock chamber is designed to lock with a metal ring under the user’s genitals. The defect can give control to anyone who can permanently block the organ. Researchers believe that only a bolt cutter could be of any help, in the event that this happens with a Qiui chastity lock user.

“There is also no emergency override feature, so if you are stuck there is no way out,” wrote Alex Lomas, a researcher at Pen Test Partners. Not only the remote control, this flaw in the Qiui app also leaves private messages and user’s location prone to third-party control.

TechCrunch says it first learned of the vulnerability in June. The researchers also contacted Qiui, a China-based adult toy manufacturer, to inform them of the vulnerability in their chastity lock. Since taking the API offline would have blocked anyone using the block now, Qiui decided to implement a new API for new users who fix the flaw. But this has left existing users in awe.

Qiui CEO Jake Guo had previously told TechCrunch that the solution would come in August, but that didn’t happen. Instead, he said “When we fix it, it creates more problems” in an email to TechCrunch. The company ended up missing three deadlines it had set itself to correct this flaw, but there is no solution to be seen even two months later.

It was then that the researchers decided to go public with this issue, fueled by another incident after another researcher stumbled upon a separate safety issue in Qiui’s product, but the company was apparently not in the mood to address that as well.

While the company is mummy about what it is doing about the security flaw, many users have posted negative and Qiui chastity lock reviews online. “The app stopped working completely after three days and I’m stuck!” one user said. Another user said: “It worked for about a month until I almost got stuck. Luckily, it unlocked randomly and I was able to get out of it. The device left an ugly scar that took nearly a month. recovery. “

However, safety bugs aren’t new to the world of adult toys. Earlier, in 2016, researchers discovered the Bluetooth-enabled “panty buster” toy that allows anyone to control it using an internet connection. A good number of toys have also been found that steal user data and collect it.

A popular smart, networked sex toy from a company called Qiui is becoming a problem for its users as it contains a security vulnerability that puts users at risk of permanent blocking.

News Underline:

  • Qiui’s chastity lock was found to have a number of security holes.
  • The flaw gives hackers control of the smart sex toy using the app.
  • The company has not yet fixed the vulnerability, despite multiple warnings.