Hacker Locks Internet-Connected Chastity Cage, Demands Ransom (vice.com) 139
A hacker took control of people's internet-connected chastity cages and demanded a ransom to be paid in Bitcoin to unlock it. From a report: "Your cock is mine now," the hacker told one of the victims, according to a screenshot of the conversation obtained by a security researcher that goes by the name Smelly and is the founder of vx-underground, a website that collects malware samples. In October of last year, security researchers found that the manufacturer of an Internet of Things chastity cage -- a sex toy that users put around their penis to prevent erections that is used in the BDSM community and can be unlocked remotely -- had left an API exposed, giving malicious hackers a chance to take control of the devices. That's exactly what happened, according to a security researcher who obtained screenshots of conversations between the hacker and several victims, and according to victims interviewed by Motherboard. A victim who asked to be identified only as Robert said that he received a message from a hacker demanding a payment of 0.02 Bitcoin (around $750 today) to unlock the device. He realized his cage was definitely "locked," and he "could not gain access to it."
Nelson Muntz to rescue (Score:2)
Cloud service... (Score:5, Informative)
From the article it looks like this device phones home to an externally hosted service, and it is this service where the vulnerability was.
If you're going to use a device remotely, put it behind a firewall that you control, with remote access via a vpn that you control. Don't rely on an external party to run a server for you. The device itself may be ridiculously insecure and poorly designed, but it's not going to get compromised if you isolate it and strictly control in/out access.
Not only are you subject to their security policies over which you have absolutely no control, but the device you paid for and may still be fully functional will become a brick when they decide to no longer run that server.
Re: Cloud service... (Score:3)
Imagine if the cloud service went down forever "because we are seeking better and exciting opportunities to serve our customers".
I wouldn't trust a cloud service to hold my documents. Would you trust one to hold your ding-a-ling?
Re: (Score:2)
if the cloud service went down forever "because we are seeking better and exciting opportunities to serve our customers".
What if that's exactly what's up, or if.. the architecture of such a service was insecure not because of incompetence, but because of a deliberate collusion: as in.. some people in the upper ranks of the company might be in cahoots with the bad guys?
Normally I would suggest assuming good intentions from companies, but the risk of such a thing is so glaringly obvious that it begins to
Re:Cloud service... (Score:4)
I have a pretty generic gmail address and get all sorts of interesting wrong address email. For years some woman's home alarm system would e-mail me updates on every action. Nancy has left the house. Nancy has entered the house. Nancy has gone to bed for the night. Helpfully included was her home address. Unhelpfully not included was any kind of unsubscribe or contact email address.
Just imagine some cloud organization getting dick lock and unlock reports from all over the place.
Re:Cloud service... (Score:5, Insightful)
Re: (Score:2)
Or show up when you know she's home!
Re: (Score:2)
Yeah, I was going to. International postage and all. Instead I looked up who owned the security company (AT&T) and sent a bunch of e-mails to all their addresses I could find.
Re: (Score:2)
strictly control in/out access.
I didn't read TFA, but I imagine that was the basic idea.
Toy? (Score:2)
I think a better term wants to be found than "toy" for this kind of device. It doesn't sound like much fun, particularly after the happenings in the article.
Come on, guys (Score:3)
Can't you see this is clearly a staged publicity stunt?
Re: (Score:2)
rather, a caged stunt . . .
Re: (Score:2)
Re: Come on, guys (Score:3)
Yes, because having my privates held hostage by a remote hacker demanding $750 makes me want to rush out and buy one.
Perhaps this is part of some people's fetish? I don't know. People are into such weird crap these days. =S
Re: (Score:2)
If you want to see it in use (a lot) try out this NSFW site [bdsmlr.com].
Kinks are one thing. But when they take over your whole identity .... oh, never mind I'm sure you know.
Re: (Score:2)
Someone missed the point. (Score:5, Insightful)
To each their own and all that.
Re: (Score:2)
This "hacker" should have unlocked them.
Masochist: Please beat me!
Sadist: No.
Re: (Score:2)
Pay me the bitcoin or I'll pop it open AND send some porn to your phone
WOW (Score:2)
Re: (Score:2)
Funny, the same thing happened to the guys in the chastity device
Re: (Score:2)
I think "your cock is mine" might be exactly what they want to hear. That ransom will never materialize.
Kind of weird that the security researcher is a Mr. Smelly as well.
Dudes chastity? (Score:2)
Yeah, just throw away the key.
Hopefully He Pays The Ransom (Score:5, Funny)
and still can't get it off.
I will see myself out now.
Re: (Score:2)
Thanks, now I have a Depeche Mode song in my head...
All the things you do to me
And everything you said
I still can't get it off
I still can't get it off
Huzzah (Score:4)
This is the story I needed today.
Holy fuck (Score:2)
Re:Holy fuck (Score:5, Informative)
Not just predicted, but the security flaw was reported to the manufacturer in April: https://www.theverge.com/2020/... [theverge.com]
Just call the fire brigade (Score:5, Insightful)
Chances are they have seen stranger things and will get this thing off without doing any real damage. Some humiliation is part of the package, of course, but that is what you wanted, right?
Re: (Score:2)
Re:Just call the fire brigade (Score:4, Funny)
Hey Larry! Bring the Nibblers of Freedom!
Wahhhh-waahhh (Score:2)
Darwin's makin' a list, and checkin' it twice.
On the upside, this will keep the gene pool a bit cleaner.
ProTip...keep bolt cutters on hand (Score:2)
However, if you're going to lock your genitals in a cage, always have a plan B. I am less concerned about hackers and more just system malfunction for any IoT
Re: (Score:2)
...looks like it could be cut in 1 second with a $50 bolt cutter available at any hardware store....
The hard part (the jokes write themselves, so I won't) would be the collateral damage, so be sure the cage is being cut by a very trusted someone.
Re: (Score:2)
Most likely a team of 16 emergency responders all standing around trying to surreptitiously take pictures because no one will believe it.
Almost reminds me of the zipper scene in Something About Mary. "We got a bleeder!"
Re: (Score:2)
Re: (Score:2)
always have a plan B
Besides the obvious "plan B" birth control jokes... That's one of the rules for...um...stuff...like this: Always have an "escape plan" for when things don't go right.
Re: (Score:2)
The victim tried repeatedly sending "bananarama" to the hacker but did not get a response.
Re: ProTip...keep bolt cutters on hand (Score:2)
Like bricked firmware because of a simple malfunction. Or the batteries dying forever.
I don't know why there are no physical keys to this device (two different locks, using high security tamper proof keying, to make the wearer feel 'secure'), but oh well.
Naah, better try... (Score:2)
An Angle Grinder:
https://chicagoist.com/2015/03... [chicagoist.com]
Put On Yer Baggy Britches . . . (Score:2)
Re: (Score:2)
Um, pretty sure this deserves a cutting torch and some pliers.
Re: (Score:2)
I am pretty sure you are going to have to go a long way to get someone with a cutting torch near his dick.
On the other hand... https://youtu.be/8wBSH296d_w?t... [youtu.be]
Re: Put On Yer Baggy Britches . . . (Score:2)
Nah, if this is like other electronic locks, putting a magnet to the side of it will move the relain and unlock it.
Or there will be a wire that sends the lock state instead of the code, behind the front panel, so you just short that wire.
Learned that from the LockPickingLawyer.
Re: (Score:2)
838 Trump Tests Positive For COVID-19
587 Trump Fires Election Security Director Who Corrected Voter Fraud Disinformation
511 Trump To Congress: Repeal Section 230 Or I'll Veto Military Funding
510 Donald Trump 'Offered Julian Assange a Pardon if He Denied Russia Link To Hack'
Re: Put On Yer Baggy Britches . . . (Score:2)
Cause it's the news of the week/month?
Darwin Award! (Score:2)
Best Darwin Award nominee in years . . .
It is a common misconception that eligibility requires dying in a dramatic and ridiculous way. Rather, it requires improving the gene pool by stopping you from making further additions.
Here, the stupid act of putting the family jewels in an internet controlled device simultaneously keeps him from spreading his genes . . .
hawk
ROFLMAO (Score:2)
OMG should this be so hilarious!? XD
In my day (Score:2)
This is the lock-picking lawyer... (Score:5, Funny)
This is the lock-picking lawyer. Today we have an unusual situation, a chastity lock that has been remotely compromised.
I could just pick the lock in seconds, or probably just open it with a magnet.
But it will be a lot more fun to use a ramset to blow it apart
https://www.youtube.com/channe... [youtube.com]
Re: (Score:2)
Re: (Score:2)
That would be an epic episode. Love that channel !
Re: This is the lock-picking lawyer... (Score:2)
Dick on number one.
Nothing on number two...
False gate avoided on three...
All exploits must be named! (Score:3)
I vote we call this the ding-dong ditch attack.
Chastity is fun, but this is cruel! (Score:2)
Re: Chastity is fun, but this is cruel! (Score:2)
I am certain a simple angle grinder and a few ice cubes will solve this.
Although I verily look forward to that episode of LockPickingLawyer! :D
Re: (Score:2)
On a serious note, who thinks an IoT Chastity belt is a good idea, at least without having a source review!
Inside job? (Score:2)
Wrong tactic (Score:2)
You think that the folks wearing these things aren't looking for this exact sort of lack of control?
You're just threatening them with a good time!
ahem... (Score:2)
know your audience (Score:2)
A new era has begun (Score:3, Funny)
read the article, was disappointed (Score:2)
Missed opportunity: Protect your bits.
Thought I was past being surprised by the Internet (Score:2)
But apparently I was wrong.
1) There are chastity cages in this day and age?
2) They're connected to the INTERNET????
Re: (Score:2)
Your response reads like prime material for a Robocop in-movie news segment.
Reality officially can't be taken seriously anymor (Score:2)
Gotta go. To a more realistic and sane place. Like a fantasy horror movie about Alice in fucking Wonderland!
P.S.: Humanity is now also officially too stupid to live. All Hail our saviour, Coronavirus! . . . ;)
Sexual Assault? (Score:2)
Repeat (Score:2)
Thoughts on this from a BDSM perspective (Score:2)
Since most people here will comment on the tech aspects of this, I'll give you a different perspective. These are just some of my thoughts on the matter. I am in the BDSM community (no, not into chastity devices, that's not my kink).
A mantra in the community is SSC: "Safe, Sane, Consensual". That means each person should trust the other and feel comfortable exploring their interests (safe), should be sober and not suffering from a serious mental illness such as psychosis or a major mood disorder that impair
Re: Thoughts on this from a BDSM perspective (Score:2)
And, just to add that, by having an insecure device, you are opening yourself up to play that is no longer consensual either, as a third-party you do not know and trust is now involved in your play sessions. I think it's a bad idea all around. As I explained, there are safer ways to explore orgasm denial, if that is your thing.
Re: (Score:2)
Well, failure to plan... buy a shitty design.. get fucked (or don't) when it breaks.
Why doesn't this have a physical backup lock?
also dead battery unlock? (Score:2)
also dead battery also dead battery unlock?
Re:also dead battery unlock? (Score:5, Informative)
Re: (Score:2)
why is this thing at all? that's the real question.
Rule 34 (Score:2)
Read up on rule 34 and it is close enough to being the answer to go with.
Re: (Score:2)
why is this thing at all? that's the real question.
Technically, that is most of a question.
Re: Hahahahahah (Score:5, Funny)
Ever tried to use an angle grinder next to your unclothed nuts?
Me neither.
Re: (Score:2)
I would guess that people who own this device just might be able to find something of the correct size and shape, maybe made of leather, to cover this part of their body.
Re: (Score:2)
Re: Hahahahahah (Score:4, Informative)
Got stung by a yellow jacket just before the ring on my finger and had to have it cut off with a Dremel tool. (The ring, not the finger.) Damn Dremel blade heated that ring up something terrible, and it was gold. A steel ring would be worse.
The ones that I've seen pictures of should be fairly straightforward to cut off with electrician's dikes, which sounds a lot better to me than cutting it off.
Call to the fire dept. (Score:2)
"Um, hello? I seem to have a big problem here..."
Re:Call to the fire dept. (Score:5, Interesting)
Re: (Score:2)
More importantly, for 750, why not take a grinder to it?
I'm sure there's many workarounds but the lack of security is something we should all be aware of.
(unless they just used a weak password in which case it's their own fault)
Re: (Score:2, Funny)
More importantly, for 750, why not take a grinder to it? I'm not sure how this looks like, but I'm imagining metal underwear with an electronic lock?
Good chance grindr was the cause of the problem, not the solution.
Re:Hahahahahah (Score:4, Insightful)
Remember the Big Bang Theory episode involving Wolowitz and the robot hand?
Re: (Score:2)
So if the hacker goes remote and uses this device to tickle your private parts can you sue for rape or indecent touching?
Re: (Score:2)
Re: (Score:3)
Or a small boy... [youtube.com]
Re:Um wow (Score:5, Funny)
If an internet connected chastity device isn't news for nerds, then nothing qualifies. It's both technical and cringey.
Re:Um wow (Score:4, Funny)
Seems overly complex. This is slashdot. An electric lock on the parental basement door is all that's needed. Though, again, it's slashdot....so that wouldn't prevent the continuation of "self service".
Re: (Score:3)
"If an internet connected chastity device isn't news for nerds, then nothing qualifies. It's both technical and cringey."
But then, "nerds", I mean, "nerds"... those don't need a chastity device! the opposite, if any.
Re: (Score:2)
Hopefully an actual nerd would be smart enough not to buy an Internet-connected anything, let alone something they strap to their junk.
Re:Um wow (Score:4)
But we nerds definitely want to hear about it when it happens.
Re: (Score:2)
I know. The Slashdot crowd probably doesn't even understand basic sex in a missionary position much less has any clue about the weird dark world of BDSM and fetishes.
Re:Um wow (Score:5, Funny)
I know. The Slashdot crowd probably doesn't even understand basic sex in a missionary position much less has any clue about the weird dark world of BDSM and fetishes.
"BDSM.... BDSM... is that a networking protocol? Lemme google that... YE GODS!!"
Re: (Score:3, Funny)
Re: (Score:2)
Did we really need to know this?
Slashdot -- pushing the envelope of "news for nerds"...
Of course, since how else are we going to see if it can be hacked to work with a Pi-hole, for example?
Re: (Score:2)
Slashdot -- pushing the envelope of "news for nerds"...
I'm pretty sure slashdot dropped the "news for nerds, stuff that matters" moniker long, long ago.
Re: Why pay bitcoin? (Score:2)
Amateur.
-- Germany
Re: Seriously? (Score:2)
Well, they got more fucking than you. :D
And their whole fetish is not fucking!