Published August 05, 2013
It’s probably fair to say that the worst thing that can happen while you’re on the toilet is discovering there’s no paper in the holder at the very moment you go to reach for it.
Owners of a high-tech Satis toilet from LIXIL now have something else to worry about. According to software security firm Trustwave, the super-advanced smart toilet can be hacked. That’s right, malicious attackers could take control of your cutting-edge commode and get it to do just about anything, and possibly at the most inconvenient of moments.
According to Trustwave’s Daniel Crowley, at the center of the security vulnerability is the accompanying My Satis Android app, which communicates with the toilet using Bluetooth, enabling the user to operate its various functions using a handset or tablet.
“The My Satis Android application has a hard-coded Bluetooth PIN of 0000,” Crowley explained. “As such, any person using the application can control any Satis toilet.”
This means the malicious toilet hacker (does such a person actually exist?) could “cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.”
They could also take control of the unit’s lid, causing it to unexpectedly and repeatedly open and close, thereby distracting you from the all-important job in hand.
The air-dry function for your undercarriage could also be activated without warning, but possibly worst of all, the “posterior nozzle” water-jet bidet feature could kick into action just when you’re least expecting it, a situation which, as Crowley himself says, could cause “discomfort or distress” to the user. I’d suggest both.
The high-end Japanese-made toilet, which also plays music and deodorizes the bathroom, incorporates a fully automatic flushing action, a heated seat, a massage feature (don’t ask), and “soft lighting.”
Trustwave’s security advisory reveals it has contacted the manufacturer about the vulnerability on three occasions, but has so far heard nothing back.