Skip to main content

Smart toilet security flaw could result in nasty surprise(s) for users

smart toilet security flaw satis

It’s probably fair to say that the worst thing that can happen while you’re on the toilet going through the motions is discovering there’s no paper in the holder at the very moment you go to reach for it. Whether the solution is a desperate cry for help, an awkward waddle to the closet for a new roll or the creative use of one of your socks probably comes down to a combination of your location and personality, but thankfully it’s a problem which can usually be overcome without too much difficulty, if not a little embarrassment.

However, it seems that owners of a high-tech Satis toilet from LIXIL now have something else to worry about. You see, according to software security firm Trustwave, the super-advanced smart toilet can be hacked. That’s right, malicious attackers could take control of your cutting-edge crapper and get it to do just about anything, and possibly at the most inconvenient of moments.

satis toilet

According to Trustwave’s Daniel Crowley, at the center of the security vulnerability is the accompanying My Satis Android app, which communicates with the toilet using Bluetooth, enabling the user to operate its various functions using a handset or tablet.

“The My Satis Android application has a hard-coded Bluetooth PIN of 0000,” Crowley explained. “As such, any person using the application can control any Satis toilet.”

Toilet hackers

This means the malicious toilet hacker (does such a person actually exist?) could “cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.”

They could also take control of the unit’s lid, causing it to unexpectedly and repeatedly open and close, thereby distracting you from the all-important job in hand.

The air-dry function for your undercarriage could also be activated without warning, but possibly worst of all, the “posterior nozzle” water-jet bidet feature could kick into action just when you’re least expecting it, a situation which, as Crowley himself says, could cause “discomfort or distress” to the user. I’d suggest both.

The high-end Japanese-made toilet, which also plays music and deodorizes the bathroom, incorporates a fully automatic flushing action, a heated seat, a massage feature (don’t ask), and “soft lighting”.

Trustwave’s security advisory reveals it has contacted the manufacturer about the vulnerability on three occasions, but has so far heard nothing back.

Editors' Recommendations