Cellmate chastity gadget hack thwarted by screwdriver trick

Image source, Qiui

The maker of a male chastity toy that was vulnerable to a hack attack has suggested the device can be easily removed with a screwdriver.

Researchers found a flaw in Cellmate's app that could have let hackers simultaneously remotely lock all the devices in use, with no manual release.

Now the Chinese firm has defended the product, saying it can be cracked open.

It added that anybody trapped in their chastity toy could also call its customer hotline to be released.

The flaw was found by security firm Pen Test Partners, which shared its findings with Guandong-based Qiui, which makes the Cellmate toy.

Image source, Pen Test Partners
Image caption,
The Cellmate has been sold by several big-name online retailers as well as niche stores

As well as being able to lock devices, the researchers discovered a way to fool the server into disclosing the registered name of each device owner, among other personal details, as well as the co-ordinates of every location from where the app had been used.

The researchers shared what they had found with the company, and made their findings public when one of the underlying issues was not fixed.

Qiui has now defended its product, saying: "Wearing a traditional chastity cage - often made of steel - with a classic padlock is much riskier."

It said the global coronavirus pandemic had delayed its software development, but said it had submitted an updated version of its software to Apple and Google's app stores.

It rejected suggestions that users could have been trapped by the chastity device, if it had been hacked.

"Although an 'unpermitted escape' is not part of the rules of the game, the Cellmate has two emergency escape possibilities," said Jake Guo, chief executive of Qiui.

As well as contacting the company's hotline or social media team to trigger an override, it suggested wearers could also "break open the Cellmate cap" using a screwdriver.

Image source, Cellmate Chastity
Image caption,
The chastity toy can be defeated with the right tool

"We sincerely apologise for the security flaw that was discovered in the Qiui app version 2.0 and the bad impression this made," Mr Guo said.

However, Pen Test Partners has suggested the screwdriver method outlined is far from ideal.

"The forceful use of a screwdriver in close proximity to a very sensitive area of the anatomy seems very unwise," said researcher Ken Munro.

The firm has posted an alternative workaround on its own site.

More on this story