- Even for a hardcore BDSM fan, this is one nightmare you don’t want to experience.
Being the victim of blackmail is a harrowing experience. Having to pay someone to keep your secrets secret can not only drain you financially, but also have a significant negative mental impact.
But toward the end of last year, one hacker took the concept of blackmail to a whole new level. They really had their victims by the ‘nads – literally.
Let’s start by introducing you to a delightful little device called the Cell Mate. It’s a Bluetooth-enabled male chastity cage.
How it works is, well… You put it around your dingdong. Then, due to its Bluetooth capability, your partner (or whoever you gave the access code to) can lock it in place remotely with a smartphone app.
Chastity cages are relatively popular toys in the BDSM community. And as far as these things go, Cell Mate seems to be a state-of-the-art product – the manufacturer’s website says it’s waterproof for bathing, has smooth edges for less chafing, and can be locked or opened from anywhere in the world.
You can already guess where this is going, can’t you?
Indeed, it turns out the manufacturer left one of Cell Mate’s application programming interfaces (API) vulnerable and exposed. As a result, a theoretical hacker could to take control over the devices and lock them up.
And, of course, that is just what happened.
Assuming Direct Control
Toward the end of last year an unidentified hacker managed to get into the system of several Cell Mate users, according to Vice. The unfortunate BDSM enthusiasts found their chastity cages suddenly clamping down when they weren’t supposed to.
Permanently. Unless, of course, the victim paid the hacker a hefty sum in Bitcoin.
“You c*** is mine now,” the hacker would tell their victims, based on screenshots of text message conversations acquired by security researchers.
One victim – identified only as Robert – was one of the lucky ones. He wasn’t wearing his Cell Mate when it locked up.
Robert said that he received a message demanding that he pay 0.02 Bitcoin (roughly $750). If he failed to comply, his Cell Mate would stay locked for good.
Checking his device, Robert was shocked to find that the hacker was the real deal. His Cell Mate was clamped up nice and tight.
“Fortunately I didn’t have this locked on myself while this happened,” Robert told Vice.
Another man, going by the name RJ, had a similar experience. He, too, was not wearing his Cell mate when the hacker took over.
“I wasn’t the owner of the cage anymore so I didn’t have full control over the cage at any given moment,” RJ said.
Here’s a little horror scenario for you, though. What if the person RJ sold his toy to had it on when it locked?
Open, Sesame
Anyone who did indeed have a Cell Mate grab a hold of his wang was really in deep. The cage is a serious BDSM toy, after all, so it’s not exactly easy to get off without the lock app.
According to Pen Test Partners (PTP), a UK cyber security consulting firm, the Cell Mate is designed to simply not open without permission. PTP said that the device’s… Sheath, locks onto a ring worn around the base of the genitals.
“An angle grinder or other suitable heavy tool would be required to cut the wearer free,” PTP said on its website.
Luckily, PTP also found a workaround that doesn’t require bringing heavy machinery near your wang. Prying open the Cell Mate’s circuit board housing reveals two wires that connect to the motor controlling the lock.
Applying the current of two AA batteries into the wires will “spike” the lock, forcing it to unlock. However, PTP still recommends seeing a professional.
“Your local emergency department will probably have the right tools to cut through the metal safely, though, and would be your better first port of call!” the firm said.
A Neglectful Creator
But perhaps the worst part of it all (yes, even worse than getting your genitals clamped) is that the vulnerability wasn’t a recent discovery. The security hole has been there for nearly a year – and there’s no sign of it being fixed.
According to the PTP website, the firm first learned of the vulnerability in April 2020. The reported the issue to Cell Mate’s manufacturer, a Chinese company called Qiui, who said that they would fix in by June.
June came and went, and Qiui applied an update to the app that did little to fix the underlying problems. PTP contacted the company again, but this time Qiui said that they were unable or unwilling to fix the security hole “as they ‘only’ had $50,000.”
In July, Qiui said the problem would be patched in August. It wasn’t.
In October, PTP went public with its findings to raise awareness of the problem. Considering that stories about people’s penises being taken hostage are still coming in, the problem has still not been resolved.
“The problem is that manufacturers of these other toys sometimes rush their products to market,” Alex Lomas, a PTP researcher, told the BBC.
He added that most tech products and companies will face some kind of vulnerability during their life cycle. Maybe they won’t have the product grab your dong, but there’s always something.
“It’s important that all companies have a way for researchers to contact them, and that they keep in touch with them,” Lomas concluded.
That clearly hasn’t happened in this case. While we absolutely don’t want to tell anyone not to participate in their consensual kinks… If you happen to own a Cell Mate, for the love of all that is good, stop using it!