A man was left bleeding from his penis and unable to have sex for a month after he said his hi-tech internet-connected chastity belt was taken over by greedy hackers.
Sam Summers, the unfortunate owner of a Cellmate digital chastity belt, ended up paying the hackers a $1,000 ransom to free his manhood from the device, only to have the unscrupulous cyber-pirates demand even more money.
Fed up with the shakedown, Summers and his partner took matters into their own hands and employed brute force – and a sturdy pair of bolt cutters – to crack the chastity belt, leaving the man with a cut on his member.
Summers was not the only Cellmate user to have fallen victim to hackers.
A man named Sam Summers had his Cellmate brand internet-controlled chastity belt hijacked by hackers, who demanded $1,000 ransom to open it
The locking mechanism is controlled with a smartphone app via Bluetooth
Other men reported similar incidents, including one who said that he received a text message from an anonymous number that declared: ‘Your c**k is mine now.’
The Cellmate, produced by Chinese firm Qiui that has the slogan ‘Love Hurts,’ is a cover that clamps on the base of the male genitals with a hardened steel ring, and does not have a physical key or manual override.
The locking mechanism is controlled with a smartphone app via Bluetooth — marketed as both an anti-cheating and a submission sex play device. It retails for $169 on the company’s website.
Cyber security experts first sounded the alarm about the ‘smart’ chastity belt’s vulnerability to hackers last October, warning users that they could be left with their appendages trapped inside the device.
Summers learned all about the adult toy’s security flaws the hard way.
He recounted for Vice’s Motherboard how one day he was sitting at home with the chastity belt clamped tightly around his penis when he got a message from someone informing him that they had hijacked the device and demanding $1,000 in Bitcoin to release it.
‘Initially, I thought it was my partner doing that,’ Summers said. ‘It sounds silly, but I got a bit excited by it.’
Fed up with the shakedown, Summers and his partner took matters into their own hands and employed brute force – and a sturdy pair of bolt cutters – to crack the chastity belt, leaving the man with a cut on his member
After Summer’s partner assured him that she was not pulling a prank on him, the man admitted: ‘I started freaking out a bit.’
After taking a closer look at the polycarbonate cage encasing his manhood, Summer quickly realized it does not feature a manual override.
‘It’s a chastity belt, I guess it kind of shouldn’t [have an override.] But when it’s a digital thing like that, it should have a key or something. But it obviously didn’t,’ he mused.
Summers remembered that he had some digital currency socked away in an old account and transferred the requested sum to the hackers.
But the man was not out of the woods yet: instead of unlocking the sheath, the rapacious hackers asked for more money.
‘That’s when I felt f***ing stupid and angry,’ Summers said.
The man and his partner decided to use a tool to crack open the device, but they only had a hammer on hand. So the pair headed to a store and picked up a pair of bolt cutters.
Cellmate, produced by Chinese firm Qiui that has the slogan ‘Love Hurts,’ is a cover that clamps on the base of penis and does not have a physical key
First, Summers’ partner tried to force open the chastity belt but couldn’t do it.
Summers then tried to break the cage himself, which he said put his penis in a ‘dangerous spot.’ His efforts paid off, but not without some damage to his genitals.
‘I don’t have a scar or anything but I was bleeding and it fucking hurt,’ Summers said, adding that the injury put his manhood out of commission for a month.
Qiui, the maker of the Cellmate, has posted a video on its website showing how the device can be easily removed with a screwdriver.
The entire harrowing ordeal prompted Summers to throw out the chastity belt, delete the app and swear off internet-connected sex toys.
‘These digital things, you cannot trust them,’ Summers concluded.
Coincidentally, a team of UK-based security professionals had reached the same conclusion months ago.
‘We discovered that remote attackers could prevent the Bluetooth lock from being opened, permanently locking the user in the device. There is no physical unlock,’ British security firm Pen Test Partners said in October.
‘An angle grinder or other suitable heavy tool would be required to cut the wearer free.’
Qiui released an update to Cellmate’s app, as well as a manual override for anyone who did become stuck (pictured) which involved breaking into the device
The firm also found other security flaws in the Cellmate that could expose sensitive user information such as names, phone numbers, birthdays and location data.
‘It wouldn’t take an attacker more than a couple of days to exfiltrate the entire user database and use it for blackmail or phishing,’ PTP’s Alex Lomas wrote in their report on the device.
In response to PTP’s report Qiui fixed most of the issued in May by updating the software, but left the older version active and its users still vulnerable, according to the security firm.
Qiui later told the research team that while they had tried to fix the issue, they had found it had created more problems.