Network Security Flaw Lets Smartphone Penis Lock Be Permanently Sealed by Anyone

Yes, you did read the headline correctly. Wearers of the Qiui Cellmate Chastity Cage risk having their penises permanently locked in a metal cage because of a security vulnerability that allows anyone to remotely control every one of the devices. British security firm Pen Test Partners repeatedly warned the Chinese manufacturer about the device’s API, which was designed so a remote partner could use their smartphone to lock or unlock the chastity cage. The API required no authentication, so anyone who could reach it could take control of any device, lock it, and leave the wearer with no way to remove the genital lock. The API also leaked the wearer’s location and other potentially intimate details of his sex life. Pen Test Partners eventually published their findings after Qiui missed repeated deadlines to remediate the product.

We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device. There is no physical unlock. The tube is locked onto a ring worn around the base of the genitals, making things inaccessible. An angle grinder or other suitable heavy tool would be required to cut the wearer free.

Location, plaintext password and other personal data was also leaked, without need for authentication, by the API.
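The flaw class the quoted findings describe, a device-control API that neither identifies the caller nor checks which device the caller is paired with, and that hands back the whole stored record, is modelled below as an added example. This is illustrative code written for this article, not Qiui’s API and not Pen Test Partners’ code: the handler names, the sample device records and users, and the design rule that a wearer can always unlock his own device are all assumptions. The insecure handler sits beside a hardened one so the missing checks are visible side by side.

```python
"""Added example: an unauthenticated lock/unlock API next to a hardened one.
Hypothetical throughout; not the real Cellmate API or any vendor's code."""

import hashlib
import hmac
import secrets

_SALT = b"constructed-static-salt"  # illustrative; use a random per-user salt in real code


def _hash_password(password, salt):
    """Slow salted hash, so a leaked record never contains a usable password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample data. "plaintext_password" exists only to show what the
# insecure handler leaks; the hardened model stores hashes in USERS instead.
USERS = {
    "alice": _hash_password("wearer-pass", _SALT),      # wears dev-001
    "bob": _hash_password("keyholder-pass", _SALT),     # paired keyholder
    "mallory": _hash_password("attacker-pass", _SALT),  # unrelated account
}
DEVICES = {
    "dev-001": {"owner": "alice", "keyholder": "bob", "locked": False,
                "location": "51.50,-0.12", "plaintext_password": "wearer-pass"},
}
SESSIONS = {}  # bearer token -> username (hardened model only)


def insecure_handler(device_id, action):
    """Vulnerable pattern: no caller identity, no pairing check, full record
    returned. Anyone who can reach the API can lock any device it knows about
    and read the wearer's location and password."""
    dev = DEVICES.get(device_id)
    if dev is None:
        return 404, None
    if action in ("lock", "unlock"):
        dev["locked"] = action == "lock"
    return 200, dict(dev)


def login(username, password):
    """Issues a random bearer token after a constant-time hash comparison."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, _hash_password(password, _SALT)):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def hardened_handler(token, device_id, action):
    """Authenticates the caller, authorises per device, redacts the response.
    Design assumption (not from the article): the wearer (owner) can always
    unlock his own device, so a hostile or absent keyholder cannot trap him."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, None
    dev = DEVICES.get(device_id)
    if dev is None or user not in (dev["owner"], dev["keyholder"]):
        return 404, None  # same answer as "no such device": no device enumeration
    if action == "lock":
        dev["locked"] = True
    elif action == "unlock":
        dev["locked"] = False
    elif action != "status":
        return 400, None
    view = {"device_id": device_id, "locked": dev["locked"]}
    if user == dev["owner"]:
        view["location"] = dev["location"]  # never exposed to the keyholder
    return 200, view


if __name__ == "__main__":
    print("anyone, no login:", insecure_handler("dev-001", "lock"))
    print("bogus token:", hardened_handler("x", "dev-001", "unlock"))
    print("mallory:", hardened_handler(login("mallory", "attacker-pass"), "dev-001", "unlock"))
    print("alice:", hardened_handler(login("alice", "wearer-pass"), "dev-001", "unlock"))
```

The two hardening points worth noting are that an unauthorised caller receives the same response as a request for a device that does not exist, so the device list cannot be enumerated, and that location and the password hash never leave the server in any response, which is the data the quoted findings say the real API served to anyone.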

The API for the device could not simply be taken down, because anyone wearing a locked device at that moment would have been left permanently locked in. The manufacturer did respond by developing a second version of the API that addressed most of the issues, but it did not take the first API out of service, so wearers remained at risk. Eventually Qiui stopped answering messages from Pen Test Partners, journalists and retailers. This forced Pen Test Partners to publicly disclose the security weaknesses, not least because Qiui is believed to be developing an even riskier chastity device for internal use.

You can find all the details about the security weakness, the disclosure timeline, and instructions for how to break the lock from the Pen Test Partners website.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.