Smart chastity device could be hacked to lock users in permanently, security experts warn

Vulnerability could leave thousands of Qiui Cellmate users locked in while simultaneously exposing their location and other personal data

Anthony Cuthbertson
Wednesday 07 October 2020 09:13 BST
security researchers found flaws with the Qiui Cellmate device
security researchers found flaws with the Qiui Cellmate device

A significant security flaw with an internet-connected chastity device means it can be hacked to lock users in permanently, researchers have warned.

Security firm Pen Test Partners discovered that the Qiui Cellmate is vulnerable to remote attacks, potentially leaving thousands of users locked in while simultaneously exposing their location and other personal data.

Qiui advertises the Cellmate as “the world’s first app-controlled chastity device”, offering features that include “worldwide control via app”.

The $200 sex toy is designed to lock around the user’s genitals while a trusted partner controls the keyless locking mechanism over Bluetooth through a mobile app.

The app also displays the wearer’s real-time location and status.

Removing the device without the app requires a heavy-duty tool such as an angle grinder. 

“We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device,” researchers at Pen Test Partners wrote in a blog post.

“There is no physical unlock. The tube is locked onto a ring worn around the base of the genitals, making things inaccessible… Location, plaintext password and other personal data was also leaked.”

The researchers warned that attackers could download the entire user database in just a couple of days and use the information for blackmailing purposes.

Location data of users was uncovered in Australia, China, the UK, US, as well as several other countries across Asia and Europe.

Pen Test Partners first disclosed the vulnerability to Qiui back in April but the issue was not fixed by the company, who cited a lack of funds.

The Independent has reached out to Qiui for comment.

The threat posed to Cellmate users forms part of a much wider trend that has seen countless security risks associated with internet-connected devices in recent years.

Manufacturers of so-called smart devices have been frequently criticised for treating security as an afterthought.

Last year, a study revealed that security cameras recommended and sold by Amazon come with “huge” security risks.

Buyers complained that hackers were able to hijack the cameras to spy on them and even talk to them through the in-built microphones.

Adam French, a consumer rights expert at Which?, said at the time: “There appears to be little to no quality control with these sub-standard products, which risk people’s security.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in