Free Republic

Hard-coded PIN vulnerability found in smart toilets
Phys.Org ^ | by Nancy Owano

Posted on 08/06/2013 2:22:56 PM PDT by Red Badger

Security experts are warning us all over the place. The digital life used to be a cubicle and workstation. Now it's, well, life. Everything is connected, and the Internet is everywhere. That means criminal intruders along with pranksters can also broaden their reach from computer malware to home connections such as smart appliances and meters. Last week, there was one more proof that this was so: According to a warning by the information security firm Trustwave, a Satis-brand toilet by the Japan-based company Lixil can be controlled remotely by an Android app.

According to Daniel Crowley, a managing consultant with information security firm Trustwave SpiderLabs, the vulnerability could allow a prankster to outsmart the toilets. The firm posted a warning on August 1 that a luxury brand of toilets that carry a smartphone app for controlling the smart features of the toilet can be commandeered by an outside invader. These toilets can communicate with the phone app through Bluetooth, and therein lies the problem.

The Satis smart toilet, said the advisory, is controlled using the app My Satis. This Android application has a hard-coded Bluetooth PIN of "0000", and any person using the application can control any Satis toilet by downloading the app and entering the "0000" PIN. An attacker could cause the toilet to flush repeatedly. This would in turn raise water usage, and those who pay water bills could see an increase in costs on their utility bills.

Attackers could also cause the unit to unexpectedly open and close the lid, or activate the bidet or air-dry functions. Depending on age and mental status, these acts might not be so funny and could cause fear or general distress, even though the damage is not lethal. According to Trustwave, the manufacturer was notified about the vulnerability.

The Satis line of luxury toilets may cost anywhere from $2,385 to $4,657 depending on the model. They are loaded with features such as automated lids that open and close, heated seats with temperature control, sprays, music, and deodorizers. The line offers a bowel-movement tracker for those concerned with monitoring their health. At the end of last year, Lixil announced that in 2013 it was to add something even smarter, a series of toilets that can be controlled by smartphone.

They said that the My Satis Android app, which communicates with the toilet using Bluetooth, enables the user to operate its various functions using a handset.

News of the vulnerability has attracted many jokes and snarky metaphors. Apart from entertainment value, though, the story is worth noting because the security firm flagged a situation where a household fixture with a live connection to a smartphone can be exploited.

Interestingly, among the recent Black Hat 2013 presentations was one about "home invasion" in which Crowley took part, and it had to do with network-connected devices used in homes posing security risks.

"Once upon a time, a compromise only meant your data was out of your control. Today, it can enable control over the physical world resulting in discomfort, covert audio/video surveillance, physical access or even personal harm," said the presentation notes.



TOPICS: Crime/Corruption; Culture/Society; Japan; Technical
KEYWORDS: app; hack; smartphone; smarttoilet; toilet
Is nothing safe anymore?.............
1 posted on 08/06/2013 2:22:56 PM PDT by Red Badger

To: Red Badger

An app that directly competes with Facebook.


2 posted on 08/06/2013 2:24:46 PM PDT by Resolute Conservative

To: Resolute Conservative

FaceButt?............


3 posted on 08/06/2013 2:25:52 PM PDT by Red Badger (Want to be surprised? Google your own name......Want to have fun? Google your friend's names........)

To: Red Badger

I’ve heard of sitting on pins and needles butt this is ridiculous.


4 posted on 08/06/2013 2:26:00 PM PDT by techcor (leas)

To: Red Badger

Why do we need smart potties?

Imagine in a power outage. Even the potty doesn’t work. Insanity.


5 posted on 08/06/2013 2:26:48 PM PDT by Black Agnes

To: techcor

Why would anybody want a toilet they can flush with their smartphone in the first place?.......


6 posted on 08/06/2013 2:27:02 PM PDT by Red Badger (Want to be surprised? Google your own name......Want to have fun? Google your friend's names........)

To: Red Badger

I WANT one of these smart toilets. I do.

I’ll just press a button on my phone app and BINGO!

All Wiped Up.


7 posted on 08/06/2013 2:27:14 PM PDT by Responsibility2nd (NO LIBS. This Means Liberals and (L)libertarians! Same Thing. NO LIBS!!)

To: Red Badger
offers a bowel-movement tracker for those concerned

The NSA is all over this...

8 posted on 08/06/2013 2:27:36 PM PDT by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)

To: Red Badger

This begs the question of why it is important to have a smart phone-controlled pooper.


9 posted on 08/06/2013 2:27:52 PM PDT by Noumenon (What would Michael Collins do?)

To: Black Agnes
Why do we need smart potties?

For dumb sh!ts.......

10 posted on 08/06/2013 2:28:02 PM PDT by Red Badger (Want to be surprised? Google your own name......Want to have fun? Google your friend's names........)

To: Red Badger

wait... what?


11 posted on 08/06/2013 2:28:06 PM PDT by GeronL

To: Slings and Arrows

Smart toilets take Butt-Dialing to a whole new level - ping.


12 posted on 08/06/2013 2:29:14 PM PDT by Responsibility2nd (NO LIBS. This Means Liberals and (L)libertarians! Same Thing. NO LIBS!!)

To: Red Badger

Everybody be careful, I have one of these and had some issues. I was sitting on the toilet doing my business when I decided to activate the toilet app with my cell phone. I had toilet paper in one hand and my phone in the other. I went to put my password (My password is poopoo, how clever is that?) in my cell phone but wait a minute, this hand has the toilet paper. This could only mean one thing, the cell phone is in my ass. Yes, some ass has my cell phone. I put the phone in a zip lock bag and took it to the Apple store and told them, “I don’t know what happened, it just stopped working”. If you can believe it, I now have to operate the toilet manually until I get my phone back, How stupid is that, what am I a cave man or something?


13 posted on 08/06/2013 2:29:53 PM PDT by 12chachacha (Sucker??)

To: Red Badger
They are loaded with features such as automated lids that open and close,

Time for Hollywood to remake No Time for Sergeants.

The line offers a bowel-movement tracker for those concerned with monitoring their health.

Great, now my doctor and the IRS will think I go to the bathroom every 30 seconds because the neighbor kid hacked my toilet.

14 posted on 08/06/2013 2:34:06 PM PDT by KarlInOhio (This message has been recorded but not approved by Obama's StasiNet. Read it at your peril.)

To: Red Badger

What is it with the Japanese and toilets?


15 posted on 08/06/2013 2:37:54 PM PDT by Cymbaline ("Allahu Akbar": Arabic for "Nothing To See Here" - Mark Steyn)

To: Red Badger
According to a warning by the information security firm Trustwave, a Satis-brand toilet by the Japan-based company Lixil can be controlled remotely by an Android app. According to Daniel Crowley a managing consultant with information security firm Trustwave SpiderLabs, the vulnerability could allow a prankster to outsmart the toilets.
So, I go to the bathroom in the airport. What is the story on the sinks in airport bathrooms, that they will not give us a twist-it-on twist-it-off, human-style faucet? Is that too risky for the general population? Too dangerous? We gotta install the one-handed, spring-loaded, pain-in-the-ass Alcatraz-style faucet. You know, those ones you gotta go: "Hey I got a little water there" "Hey I got a couple of drops."

What is it they think we would do with a faucet? Turn them all on full, run out into the parking lot laughing, pushing each other into the bushes?
"Come on, the water's on, let's go! I turned it on full blast!"
"You idiot! We're businessmen - we're gonna miss our plane."
"Who cares? Water!"
That's how they think we're gonna act.

-- Jerry Seinfeld, I'm Telling You For The Last Time


16 posted on 08/06/2013 2:39:03 PM PDT by Alex Murphy ("Thus, my opponent's argument falls.")

To: Cymbaline

THERE’S AN APP FOR THAT..


17 posted on 08/06/2013 2:40:57 PM PDT by Col Frank Slade

To: Red Badger

I’m surprised that it doesn’t intentionally let you sync up with your phone via bluetooth as a sanitary measure. People could request features with their phones rather than touch a common panel on the wall. It would have to figure out a way to make sure you sync up with the right phone instead of the one held by the person in a nearby stall.

The possibilities are endless. Yelp could confirm that you really did eat at the restaurant on which you just passed commentary. Walgreens could determine if you are a good candidate for stool softener coupons. ...


18 posted on 08/06/2013 2:41:51 PM PDT by posterchild

To: posterchild

A toilet with video uplink to YouTube..........


19 posted on 08/06/2013 2:50:54 PM PDT by Red Badger (Want to be surprised? Google your own name......Want to have fun? Google your friend's names........)

To: Resolute Conservative

Unless there is a camera somewhere in there or you need to pay to flush (and ostensibly have stored your credit card information in your toilet) at home...what would a criminal possibly gain by hacking your toilet, other than a harmless prank?


20 posted on 08/06/2013 2:59:20 PM PDT by The Unknown Republican

To: Red Badger

if yu can read this.. yur OK. if yur dyslexic , yur skrewed.


21 posted on 08/06/2013 3:11:58 PM PDT by NormsRevenge (Semper Fi --)

To: Red Badger
As Scotty said, "The more intricate the plumbing, the easier it is to clog it up."
22 posted on 08/06/2013 3:14:57 PM PDT by Othniel (No, I don't have a plan. And doesn't that scare you to death?)

To: Red Badger

What Shi’ite-head pays three to five grand for a crapper?


23 posted on 08/06/2013 3:46:46 PM PDT by MIchaelTArchangel (Have a wonderful day!)

To: Red Badger

Hey toilet... if you’re so smart, why are you taking my **** all the time?


24 posted on 08/06/2013 3:47:55 PM PDT by Tijeras_Slim

Only in Japan....


25 posted on 08/06/2013 3:58:19 PM PDT by Rio

To: Red Badger

Ohh great, a bowl movement tracker. I smell a new tax.


26 posted on 08/06/2013 4:04:08 PM PDT by Husker24

To: Red Badger

Gives a whole new meaning to “butt dialing”.


27 posted on 08/06/2013 4:19:17 PM PDT by mikey_hates_everything

To: Red Badger
News of the vulnerability has attracted many jokes and snarky metaphors.

I knew that when I read that sentence that FReepers would be all over this with even better snark and better jokes.

It appears I was not wrong....

28 posted on 08/06/2013 4:48:12 PM PDT by Alas Babylon!

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
