A security firm has reported that a luxury toilet brand known for its connectivity with a smartphone app is vulnerable to hacking. The Satis luxury toilet, which retails for up to $5,686, features automatic flushing, a bidet spray, and the ability to play music and spray fragrance.
Information security experts from Trustwave’s Spiderlabs has revealed that hardware flaw was found on Satis, which is manufactured by Japan-based company Lixil. Apart from the premium features, the Satis can be controlled through an app called My Satis. However, a loophole within the toilet’s circuitry can be exploited in such a way that any smartphone with the app can also activate the Satis luxury toilets.
According to the report, the toilet connects to the app via Bluetooth, but the PIN code for every toilet unit is hardwired to be “0000”. This PIN code cannot be reset and leaves the toilet vulnerable from other phones with the My Satis app.
Why the big deal about a hackable toilet? The report explains: “An attacker could simply download the My Satis application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.”
The attacker could also play with the Satis luxury toilet, such as opening the closing the lid suddenly, activate bidet or air-dry functions. This can be made into some sort of a prank to an unwitting victim.
This method of attack has its limitations. According to security expert Graham Cluley, the Bluetooth connectivity limits the remote range. This means that a would-be attacker must be fairly close to the toilet itself for the attack to become successful.
“It’s easy to see how a practical joker might be able to trick his neighbors into thinking his toilet is possessed as it squirts water and blows warm air unexpectedly on the indended victim, but it’s hard to imagine how serious hardened cybercriminals would be interested in this security flaw,” Cluley tells the BBC.
Source: BBC
