Skip to main content

Smart toilet security flaw could result in nasty surprise(s) for users

smart toilet security flaw satis
Image used with permission by copyright holder

It’s probably fair to say that the worst thing that can happen while you’re on the toilet going through the motions is discovering there’s no paper in the holder at the very moment you go to reach for it. Whether the solution is a desperate cry for help, an awkward waddle to the closet for a new roll or the creative use of one of your socks probably comes down to a combination of your location and personality, but thankfully it’s a problem which can usually be overcome without too much difficulty, if not a little embarrassment.

However, it seems that owners of a high-tech Satis toilet from LIXIL now have something else to worry about. You see, according to software security firm Trustwave, the super-advanced smart toilet can be hacked. That’s right, malicious attackers could take control of your cutting-edge crapper and get it to do just about anything, and possibly at the most inconvenient of moments.

satis toilet
Image used with permission by copyright holder

According to Trustwave’s Daniel Crowley, at the center of the security vulnerability is the accompanying My Satis Android app, which communicates with the toilet using Bluetooth, enabling the user to operate its various functions using a handset or tablet.

“The My Satis Android application has a hard-coded Bluetooth PIN of 0000,” Crowley explained. “As such, any person using the application can control any Satis toilet.”

Toilet hackers

This means the malicious toilet hacker (does such a person actually exist?) could “cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.”

They could also take control of the unit’s lid, causing it to unexpectedly and repeatedly open and close, thereby distracting you from the all-important job in hand.

The air-dry function for your undercarriage could also be activated without warning, but possibly worst of all, the “posterior nozzle” water-jet bidet feature could kick into action just when you’re least expecting it, a situation which, as Crowley himself says, could cause “discomfort or distress” to the user. I’d suggest both.

The high-end Japanese-made toilet, which also plays music and deodorizes the bathroom, incorporates a fully automatic flushing action, a heated seat, a massage feature (don’t ask), and “soft lighting”.

Trustwave’s security advisory reveals it has contacted the manufacturer about the vulnerability on three occasions, but has so far heard nothing back.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Are smart security cameras worth installing?
Arlo camera installed outside.

If you’re looking to protect your home, few options are as powerful (and affordable) as security cameras. The market has exploded with new products over the past few years, and today you’ll find a wide variety of smart home security cameras that are easy to install, carry reasonable price tags, and offer you peace of mind while out of town. But are smart security cameras worth installing?

The short answer? Yes -- smart security cameras make a lot of sense for the majority of homes. However, there are a few caveats to consider. Here’s a closer look at whether you should install a smart security camera in 2023.
Check with your HOA and local government first

Read more
The best smart home security products at CES 2022
Schlage Encode Plus with home keys phone tap to unlock.

The smart home section of CES is always worth a look to see what fascinating new tech is in the offing. For CES 2022, smart security in particular was showcasing some welcome innovations, including products that will fit perfectly in existing home security solutions from top brands like Arlo, Samsung, and more. Smart security is more competitive than ever, and the latest solution-oriented products are nothing but good news for users interested in making improvements.

Let’s take a look at what security tech we found most promising at CES 2022, and why it’s worth keeping an eye on while we’re waiting for release dates.
Arlo Security System

Read more
This South Korean smart home hack is one more reason you should secure your home
Alexa listening indicator.

While most Americans were trying to take advantage of Black Friday sales last weekend, hackers in South Korea pulled off what is perhaps the most damaging hack in smart home history. The as-yet-unidentified hackers recorded photo and video from more than 700 different apartment complexes and held it ransom or sold it outright for Bitcoin.

The entire incident is the stuff of nightmares -- the realization of fears about the smart home industry and what it means to allow cameras and other recording devices into the home without sufficient safeguards in place.

Read more