There have many ransomware attacks within the cryptocurrency industry where a hacker encrypts the victim’s personal data and demands a crypto ransom in return. However, things have gotten a tad too weird as recent reports have revealed that on such attacker have targeted smart chastity cages, and is demanding Bitcoin ransom.
Recent times have seen a surge in the use of internet-connected smart devices that offer some additional benefits like remote access and control when compared to its normal counterpart. One of these smart devices is an app-controlled smart chastity cage product called Cellmate, which locks the wearer’s penis within a polycarbonate shell.
According to a report from Vice, a hacker attacked these cellmate devices and managed to gain control over these devices and locked them. In return, the hacker demanded a ransom of 0.02 BTC from each of the victims to free themselves from their respective cages.
Security researcher “Smelly” of vx-underground shared some screenshots with Vice, which shows the attacker telling one of the victims “Your cock is mine now,” a pretty terrifying confrontation for any victim who was wearing the device.
Manufacturer failed to address security flaws
Back in October, UK security firm Pen Test Partners had noted in a security report that there was a security flaw within the Cellmate API that could leave the device vulnerable to these types of attacks.
“We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device,” the firm noted, adding “There is no physical unlock. The tube is locked onto a ring worn around the base of the genitals, making things inaccessible. An angle grinder or other suitable heavy tool would be required to cut the wearer free.”
Pen Test Partners added that Qiui, the Chinese company that manufactures Cellmate, did not respond to the security firm after communicating with them for approximately six months regarding the flaw in their API. Based on the recent attacks, it can be confirmed that the flaw was not addressed by the manufacturer.
On this note, Pen Test Partners security researcher Alex Lomas said:
“Almost every company and product is going to have some kind of vulnerability in its lifetime. Maybe not as bad as this one, but something. “It’s important that all companies have a way for researchers to contact them, and that they keep in touch with them.”
Cryptocurrencies have long been used as a means for ransom payments; especially privacy-focused cryptocurrencies like Monero have been the ideal choice. However, Bitcoin’s recent meteoric rise has got the attention of these bad actors hence Bitcoin has also become quite popular among them.
