Think it’s bad when someone hacks your PC or smartphone? Welcome to our interconnected future: thanks to Bluetooth, a determined hacker can now do malicious things to your Bluetooth-enabled toilet.
Cyber-security firm Trustwave issued an advisory August 1 detailing how someone with knowledge of Bluetooth could hack the Satis automatic toilet, which can play music and deodorize the immediate airspace (among other automatic functions) in addition to flushing waste. (Hat tip to Wired’s UK edition for pointing out the advisory.) As one would expect with a toilet that retails for thousands of dollars, the Satis comes with a “My Satis” Android application that allows for remote control, creating some rather unique attack surfaces in the process.
“Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user,” reads the advisory.
If that wasn’t enough, a determined hacker could use the Satis’ remote abilities to drive the toilet owner’s water bill through the proverbial ceiling: “An attacker could simply download the ‘My Satis’ application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.”
The problem is that the “My Satis” application has a hard-coded Bluetooth PIN of “0000,” as seen in its decompiled code:
BluetoothDevice localBluetoothDevice =
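A reviewer can catch this class of flaw before release by scanning an app's decompiled source for digit literals that sit next to pairing-related identifiers. The Python script below is an added example, not code from Trustwave's advisory or from the app; the Java sample, the class and method names in it, and the identifier hint list are constructed assumptions.

```python
import re

# Identifiers that suggest a Bluetooth pairing secret (assumed heuristic list).
PAIRING_HINT = re.compile(r"(?i)(setPin|pairing|passkey|\bpin)")
# A quoted literal of 4 to 16 digits: the shape of a legacy Bluetooth PIN.
DIGIT_LITERAL = re.compile(r'"(\d{4,16})"')
# Common factory-default PINs.
DEFAULT_PINS = {"0000", "1111", "1234", "123456"}

# Constructed sample of decompiled Java; every name here is hypothetical.
SAMPLE = """\
public class RemoteControl {
    private static final String PIN_CODE = "0000";
    void connect(BluetoothDevice device) throws Exception {
        device.setPin("0000".getBytes("UTF-8"));
        int timeoutMs = Integer.parseInt("5000");
        startPairing(device, "482913");
    }
}
"""


def find_hardcoded_pins(java_source):
    """Return (line_no, pin, severity) for each digit literal found on a
    line that also mentions a pairing-related identifier."""
    findings = []
    for line_no, line in enumerate(java_source.splitlines(), start=1):
        code = line.split("//", 1)[0]  # ignore trailing line comments
        if not PAIRING_HINT.search(code):
            continue  # digit strings elsewhere (timeouts, ports) are not PINs
        for match in DIGIT_LITERAL.finditer(code):
            pin = match.group(1)
            severity = "default-pin" if pin in DEFAULT_PINS else "hardcoded-pin"
            findings.append((line_no, pin, severity))
    return findings


if __name__ == "__main__":
    for line_no, pin, severity in find_hardcoded_pins(SAMPLE):
        print(f"line {line_no}: {severity} literal {pin!r}")
```

Any hit means the pairing secret ships inside every copy of the app, so the fix is a per-device or user-set PIN rather than a different constant.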
Trustwave attempted to contact Inax, which builds the Satis, three times throughout July before finally publishing the advisory. No patch currently exists for the issue.
But some security experts aren’t exactly worried by the prospect of Anonymous seizing control of the world’s luxury toilets. “It’s easy to see how a practical joker might be able to trick his neighbours into thinking his toilet is possessed as it squirts water and blows warm air unexpectedly on their intended victim,” IT security blogger Graham Cluley told the BBC, “but it’s hard to imagine how serious hardened cybercriminals would be interested in this security hole.”
Even so, with so many devices joining the so-called “Internet of Things,” the incredible hackable toilet serves as a reminder (hopefully not a smelly one) that much of our infrastructure is increasingly vulnerable to remote attack.