fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

‘Your Cock Is Mine Now:’ Hacker Locks Internet-Connected Chastity Cage, Demands Ransom

‘Your Cock Is Mine Now:’ Hacker Locks Internet-Connected Chastity Cage, Demands Ransom

A hacker took control of people’s internet-connected chastity cages and demanded a ransom to be paid in Bitcoin to unlock it. 

“Your cock is mine now,” the hacker told one of the victims, according to a screenshot of the conversation obtained by a security researcher that goes by the name Smelly and is the founder of vx-underground, a website that collects malware samples.  

Also Read: What it means to get a Data Protection Trustmark Certification

In October of last year, security researchers found that the manufacturer of an Internet of Things chastity cage—a sex toy that users put around their penis to prevent erections that is used in the BDSM community and can be unlocked remotely—had left an API exposed, giving malicious hackers a chance to take control of the devices. That’s exactly what happened, according to a security researcher who obtained screenshots of conversations between the hacker and several victims, and according to victims interviewed by Motherboard.   

A victim who asked to be identified only as Robert said that he received a message from a hacker demanding a payment of 0.02 Bitcoin (around $750 today) to unlock the device. He realized his cage was definitely “locked,” and he “could not gain access to it.” 

“Fortunately I didn’t have this locked on myself while this happened,” Robert said in an online chat. 

Do you know of any similar security vulnerability or data breach? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at [email protected], or email [email protected]

“I wasn’t the owner of the cage anymore so I didn’t have full control over the cage at any given moment,” another victim who goes by the name RJ told Motherboard in an online chat. RJ said he got a message from the hacker, who said they had control of the cage and wanted a payment to unlock it.  

Also Read: A guide to Singapore’s Do Not Call Registry

These hacks show once again that just because you can connect something to the internet, it doesn’t mean you have to—especially if you then don’t take care of securing the device or its connection. It’s incidents like these that make some people think the Internet of Things is just a marketing term for the Internet of Hackable Things, as we call it, or even the Internet of Shit, as others call it.

Qiui, the China-based manufacturer of the device, which is aptly called Cellmate, did not respond to a request for comment. A US distributor said in an email that the flaw that allowed the hacker to lock the victims’ cages was fixed in the latest version of the app.

Alex Lomas, a security researcher at Pentest Partners, who audited the Cellmate device, confirmed that some users received the extortion messages, and said this highlights the need for better security practices.

“Almost every company and product is going to have some kind of vulnerability in its lifetime. Maybe not as bad as this one, but something,” Lomas said in an online chat. “It’s important that all companies have a way for researchers to contact them, and that they keep in touch with them.” 

As usual, be careful what devices you trust with your data or, in this case, with your genitals. 

This story was updated to include comment from a US distributor, which reached out after the story was published.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us