Free Republic

Hard-coded PIN vulnerability found in smart toilets
Phys.Org ^ | by Nancy Owano

Posted on 08/06/2013 2:22:56 PM PDT by Red Badger

Security experts are warning us all over the place. The digital life used to be a cubicle and workstation. Now it's, well, life. Everything is connected, and the Internet is everywhere. That means criminal intruders along with pranksters can also broaden their reach from computer malware to home connections such as smart appliances and meters. Last week, there was one more proof that this was so: According to a warning by the information security firm Trustwave, a Satis-brand toilet by the Japan-based company Lixil can be controlled remotely by an Android app.

According to Daniel Crowley, a managing consultant with information security firm Trustwave SpiderLabs, the vulnerability could allow a prankster to outsmart the toilets. The firm posted a warning on August 1 that a luxury brand of toilets that carry a smartphone app for controlling the smart features of the toilet can be commandeered by an outside invader. These toilets can communicate with the phone app through Bluetooth, and therein lies the problem.

The Satis smart toilet, said the advisory, is controlled using the app My Satis. This Android application has a hard-coded Bluetooth PIN of "0000" and any person using the application can control any Satis toilet by downloading the app and entering the "0000" PIN. An attacker could cause the toilet to flush repeatedly. This would in turn raise water usage, and those who pay water bills could see an increase in costs on their utility bills.

Attackers could also cause the unit to unexpectedly open and close the lid, activate the bidet or air-dry functions. Depending on age and mental status, these acts could not be so funny and could cause fear or general distress, even though the damage is not lethal. According to Trustwave, the manufacturer was notified about the vulnerability.

The Satis line of luxury toilets may cost anywhere from $2,385 to $4,657 depending on the model. They are loaded with features such as automated lids that open and close, heated seats with temperature control, sprays, music, and deodorizers. The line offers a bowel-movement tracker for those concerned with monitoring their health. At the end of last year, Lixil announced that in 2013 it was to add something even smarter, a series of toilets that can be controlled by smartphone.

They said that the My Satis Android app, which communicates with the toilet using Bluetooth, enables the user to operate its various functions using a handset.

News of the vulnerability has attracted many jokes and snarky metaphors. Apart from entertainment value, though, the story is worth noting because the security firm flagged a situation where a household fixture with a live connection to a smartphone can be exploited.

Interestingly, among the recent Black Hat 2013 presentations was one about "home invasion" where Crowley took part, and it had to do with network-connected devices used in homes posing security risks.

"Once upon a time, a compromise only meant your data was out of your control. Today, it can enable control over the physical world resulting in discomfort, covert audio/video surveillance, physical access or even personal harm," said the presentation notes.



TOPICS: Crime/Corruption; Culture/Society; Japan; Technical
KEYWORDS: app; hack; smartphone; smarttoilet; toilet
To: Red Badger

if yu can read this.. yur OK. if yur dyslexic , yur skrewed.


21 posted on 08/06/2013 3:11:58 PM PDT by NormsRevenge (Semper Fi --)

To: Red Badger
As Scotty said, "The more intricate the plumbing, the easier it is to clog it up."
22 posted on 08/06/2013 3:14:57 PM PDT by Othniel (No, I don't have a plan. And doesn't that scare you to death?)

To: Red Badger

What Shi’ite-head pays three to five grand for a crapper?


23 posted on 08/06/2013 3:46:46 PM PDT by MIchaelTArchangel (Have a wonderful day!)

To: Red Badger

Hey toilet... if you’re so smart, why are you taking my **** all the time?


24 posted on 08/06/2013 3:47:55 PM PDT by Tijeras_Slim

Only in Japan....


25 posted on 08/06/2013 3:58:19 PM PDT by Rio

To: Red Badger

Ohh great, a bowl movement tracker. I smell a new tax.


26 posted on 08/06/2013 4:04:08 PM PDT by Husker24

To: Red Badger

Gives a whole new meaning to “butt dialing”.


27 posted on 08/06/2013 4:19:17 PM PDT by mikey_hates_everything

To: Red Badger
News of the vulnerability has attracted many jokes and snarky metaphors.

I knew that when I read that sentence that FReepers would be all over this with even better snark and better jokes.

It appears I was not wrong....

28 posted on 08/06/2013 4:48:12 PM PDT by Alas Babylon!

