The Chinese Qiui CellMate is a 2.0 chastity belt for men. It works in duo with an application, like any good connected object. Its shape leaves no doubt as to how it is worn and used. Both the sarcophagus and the metal ring are locked and unlocked using the app installed on a smartphone, generally not the wearer’s smartphone, connected via Bluetooth to the CellMate.
English cybersecurity experts Pen Test Partners submitted the app to various tests and discovered flaws which, exploited by malicious users, could have resulted in the outright imprisonment of the wearer’s member inside the device … without the possibility of unlocking it via the application.
The only solutions to get out of this bad situation would have been to use conventional tools or to bypass the device, for lack of emergency manual opening.
Some users had already encountered app stability concerns (according to reviews collected by TechCrunch), finding themselves in very embarrassing and dangerous situations.
Despite the warnings, the developers of Qiui took no action
Alerted for the first time by the company, the developers of the Qiui app claimed to have pushed a new version of the app to users … without, however, filling in the gaps in the old version of the API. So after re-inspection of the corrective work done, it turned out that a lot remained.
Thanks to them, hackers were able to collect personal data from users of the connected accessory, such as private messages, clear passwords or even the geographical position of carriers without needing to identify themselves in any way.
Yes Pen Test Partners had not until then given the alert, the developers of the Qiui app have not given any sign of life since the end of August and have not respected the deadlines for the deployment of patches that they themselves had determined. Other security researchers having found traces of these flaws, the experts had no other choice but to make an announcement, in the general interest and to warn CellMate users.