IoT Sex Toy Security Flaw | Avast

IoT Sex Toy Security Flaw | Avast
Emma McGowan, 18 October 2020

When it comes to your devices, be on the lookout for signs of so-called abandonware



When we talk about the Internet of Things (IoT), we’re usually talking about “smart” home appliances. Fridges. Coffeemakers. Virtual assistants. But there’s another category of device that is also increasingly connected to the internet: sex toys. And, like other IoT devices, app-connected sex toys are at risk of security and privacy violations if they’re not created with security in mind. 
The latest to make the news is the Qiui Cellmate, a chastity device for men that can be unlocked or locked via an app and a Bluetooth connection. To people interested in this type of activity, it probably sounded like a dream come true.
But that dream turned into a nightmare when it came out that the lock has a major security flaw. According to the security firm Pen Test Partners, the API that the app uses to communicate with the toy was left open and without a password. That means anyone with the know-how could hack into the toy and take control of it. It also left the users’ exact locations and private messages open to intruders. 
“We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device,” Pen Test Partners wrote in a blog post. “There is no physical unlock. The tube is locked onto a ring worn around the base of the geni ..

Support the originator by clicking the read the rest link below.