“Your dick is mine now,” said a cybercriminal after breaking into a victim’s chastity belt. With the individual’s phallic control, the cybercriminal asked for a Bitcoin rescue to return the victim’s chance to get an erection again. Information is from Vice.
The conversation between the cybercriminal and the victim was obtained by security researcher Smelly, who reports that he talked to several people who have been victims of attacks on smart chastity devices.
Cybercriminals are taking advantage of a vulnerability in the Cellmate API, which is manufactured by the Chinese internet of things – sexual – Qiui. The vulnerability, however, was found in October 2020 by a group of UK security researchers.
The chastity belt, or chastity cage, is a device historically designed for women, but today very common among men, especially those in the BDSM community. It functions as a cage for the penis, preventing its erection, masturbation or sexual activity.
When closing the cage, it must remain closed until the sexual partner, who has the key – in this case an application -, releases the lock. The Qiui chastity belt is controlled by an integrated microcontroller. The vulnerability, when exploited, allows a cybercriminal to access and take complete control of this microcontroller, remotely.
“QIUI believes that a true chastity experience is one that does not allow the user to have any control over it”, Says the product announcement in the company’s online store. Following this motto, the company offers chastity control not for its users, much less for its partners, but for any other interested person.
The company reports that it has released a software update, which corrects the vulnerability, in addition to a solution, say, more physical – calm that is not a hammer -, to disassemble the device with a screwdriver.
One of the victims who spoke to Vice reports that the cybercriminal asked for a ransom of 0.02 Bitcoin (about $ 37,000) and his “smart” cage was actually locked, but fortunately, his penis was not inside it. Another victim, who prefers to be called RJ, said the cybercriminal contacted him demanding a ransom to release the lock. “I was not the owner of the cage, so I had no control over it at any time,” he said.
IoT goes wrong
IoT solutions can be very useful professionally, in companies and industries to automate processes and increase productivity. But, the fact that they are connected to the internet all the time, makes them, in addition to being more vulnerable, more attractive to criminals on the internet, since when accessing the device’s network, it is possible to access the local network, in which the device is connected .
Smart devices, as devices are known equipped with Internet of Things (IoT), that is, that connect to the internet, do not have a good reputation for their safety. The Hack has already covered several cases of critical vulnerabilities found in different segments of this equipment.
As is the case with smart bells, still sold on Amazon and other sites today, that instead of protecting your home, open the doors of your network and your surveillance cameras to cybercriminals.
It also has the history of pet feeders by Xiaomi, marketed for about $ 800, which a researcher was able to access all of the device’s nearly 11,000 units last year. A flat of pyromaniac hair and even a candle (yes, a candle) which is lit via an application (?).
“Almost all companies and products will have some kind of vulnerability in their lives. Maybe not as bad as this one [cinto de castidade], but something. It is important that all companies have a way for researchers to contact them”Said Alex Lomas, security researcher at Pentest Partners, who analyzed the case.
Sources: Vice; Techcrunch; Qiui.
See the original post at: https://thehack.com.br/cibercriminosos-estao-sequestrando-penis-de-usuarios-de-cinto-de-castidade-inteligentes/?rand=48873
