Security Flaw Makes Smart Toilets Vulnerable to Hackers

| August 5, 2013 | 6 Replies

 

Security Flaw Makes Smart Toilets Vulnerable to HackersChris Dougherty
VirtualThreat Contributing Writer

 

When it comes to online privacy we generally think of things like our favorite social networking sites, mobile phones, chat records, email, etc. Now, experts have uncovered a new security flaw that makes toilets vulnerable to hackers.

Trustwave, an information security company, recently published a security advisory reporting a vulnerability in the Satis  “smart” toilet, manufactured by LIXIL Corporation.  The Satis toilets are controlled with an Android app called “My Satis”, which communicates with the toilets over Bluetooth. The vulnerability lies in the fact that the Bluetooth PIN is hard-coded to “0000.” With that information, a hacker would only need to download the “My Satis” app, then pair his mobile device to the toilet using the default code of “0000” and he would have full control of the toilet’s functionality.

The mobile app can control functions of the toilet such as flushing and playing ambient music. Can you imagine sitting on the toilet trying to take care of business and along comes a series of rapid, loud flushes mixed to the music of AC/DC’s Thunderstruck playing at full volume? Sure, its not your average high-security cyber attack but it might tend to freak out the average Joe.

Trustwave reports “Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user.”

As of this writing there is no current patch to fix this issue, nor has the manufacturer, LIXIL, replied to any requests for comments.

This is a real-life security issue, but I think milk just came out of my nose when I laughed so hard while thinking of the mayhem a malicious hacker might cause with this vulnerability :-). A question comes to mind almost immediately though. Who really needs a remote controlled toilet anyway?

 

Let me know what you think in the comments below!

 

About the author…

Chris Dougherty is a grey hat hacker and online security expert. Please visit his blog, www.VirtualThreat.com, for more excellent news and information about protecting yourself in cyberspace.

This article is offered under Creative Commons license. It’s okay to republish it anywhere as long as attribution bio is included and all links remain intact.

 

 



Tags: , , , , , ,

Category: News

Comments (6)

Trackback URL | Comments RSS Feed

Sites That Link to this Post

  1. Security Flaw Makes Smart Toilets Vulnerable to Hackers | | August 6, 2013
  1. over it says:

    too funny!

    I hope someone does have fun with it.

  2. Ted Koprolski says:

    If the people who designed this toilet are stupid enough to make it controllable by software, they deserve their profits to go down the drain. Software is not the end all and be all of everything. It’s time to flush this idea and start anew.

  3. Duece says:

    What the hell do you need a Smart Toilet for anyway? What?

  4. jeff says:

    I guess the real Google toilet is here!

  5. Neal says:

    I’m using a bucket from now on.

Leave a Reply