Security flaws in sex toys are nothing new, but one set of vulnerabilities could have been particularly dangerous — not to mention embarrassing. Pen Test Partners has disclosed (via TechCrunch) app programming interface flaws in Qiui’s Cellmate, a male chastity sex toy, that let attackers remotely lock a user’s penis in. If that happened, you’d need to force the toy open using either heavy tools (think an angle grinder or bolt cutter) or jolting certain wires with electricity. There’s no manual override.
The app flaws also let intruders collect private messages, plain text passwords and location info without the need for authentication.