App Vulnerability Could Cause Toilet Terror

Smart toilet? Ha, more like scary toilet that can suddenly run amuck and squirt water up your butt.

Last December, Kotaku reported that Inax, a Japanese toilet brand, was rolling out an Android app called My Satis for the teched-out Satis toilet. The app allows people to do basic things like flush (and select how much water they want to use), as well as operate the toilet’s bidet and adjust water pressure via Bluetooth. Note the word “Bluetooth”. It’s important!

An iOS version is planned, and, so far, it seems like only the Android app has been released for Japan.

Security company Trustwave Holdings recently reported that the app has a fatal flaw that could cause all sorts of crap to go wrong.

Here are Trustwave’s findings:

The “My Satis” Android application has a hard-coded Bluetooth PIN of “0000” as can be seen in the following line of decompiled code from the application:

BluetoothDevice localBluetoothDevice = BluetoothManager.getInstance().execPairing(paramString, "0000")

What does this mean? According to Trustwave, it means anyone with a My Satis application could control any Satis toilet by simply downloading the app and entering the “0000” PIN.

“Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user,” Trustwave states.
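
A static check for the pattern in the decompiled line above, added here as an example (not code from Trustwave or from the app): it flags pairing calls in decompiled Java that are handed an all-digit PIN, either as a literal or through a string constant. The sample source and every name in it other than `execPairing` are constructed for illustration.

```python
import re

# Pairing calls to inspect: execPairing is the app method in the advisory's
# decompiled line; setPin is Android's BluetoothDevice.setPin(byte[]).
PAIRING_CALL = re.compile(r'\b(execPairing|setPin)\s*\(([^;]*)\)')
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')
# String constants with an all-digit value, e.g. static final String PIN = "1234";
CONST_DECL = re.compile(r'\bfinal\s+String\s+(\w+)\s*=\s*"(\d+)"')
IDENTIFIER = re.compile(r'\b[A-Za-z_]\w*\b')


def find_hardcoded_pins(java_source):
    """Return (line_no, call, pin) for every pairing call given a fixed numeric PIN."""
    constants = dict(CONST_DECL.findall(java_source))
    findings = []
    for m in PAIRING_CALL.finditer(java_source):
        call, args = m.group(1), m.group(2)
        line_no = java_source.count("\n", 0, m.start()) + 1
        # Case 1: an all-digit string literal passed straight into the call.
        pins = [s for s in STRING_LITERAL.findall(args) if s.isdigit()]
        # Case 2: a named constant that resolves to an all-digit literal.
        bare_args = STRING_LITERAL.sub("", args)
        pins += [constants[n] for n in IDENTIFIER.findall(bare_args) if n in constants]
        findings.extend((line_no, call, pin) for pin in pins)
    return findings


# Constructed sample of decompiled source (hypothetical class and method names).
SAMPLE = '''\
class PairingHelper {
    static final String DEFAULT_PIN = "1234";
    void pairFixed(String paramString) {
        BluetoothDevice localBluetoothDevice =
            BluetoothManager.getInstance().execPairing(paramString, "0000");
    }
    void pairConstant(BluetoothDevice device) {
        device.setPin(DEFAULT_PIN.getBytes());
    }
    void pairPrompted(String addr) {
        BluetoothManager.getInstance().execPairing(addr, promptUserForPin());
    }
}
'''

if __name__ == "__main__":
    for line_no, call, pin in find_hardcoded_pins(SAMPLE):
        print(f"line {line_no}: {call}() uses fixed PIN {pin!r}")
```
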

Toilet lids closing on you! Random flushing! Wet backsides! And the fact that My Satis allows people to control the water pressure, too, means that this could be much, much worse.

What’s the world come to when you can’t even rest in the restroom and when hi-tech Japanese toilets aren’t safe? Dark times, that’s what. No word if Inax is going to flush out these possible problems with a patch. Until then, you might be safer on an analogue throne.

Hard-Coded Bluetooth PIN Vulnerability in LIXIL Satis Toilet [Trustwave via Yahoo! Japan]

