Hard-coded PIN vulnerability found in smart toilets

August 6, 2013 by Nancy Owano, Phys.org weblog

(Phys.org) — Security experts are warning us from all directions. Digital life used to mean a cubicle and a workstation. Now it is, well, life itself. Everything is connected, and the Internet is everywhere. That means criminal intruders, along with pranksters, can broaden their reach from computer malware to home connections such as smart appliances and meters. Last week brought one more proof of this: according to a warning by the information security firm Trustwave, a Satis-brand toilet by the Japan-based company Lixil can be controlled remotely by an Android app.

According to Daniel Crowley, a managing consultant with Trustwave SpiderLabs, the vulnerability could allow a prankster to outsmart the toilets. The firm posted a warning on August 1 that a luxury brand of toilets, which carry a smartphone app for controlling the toilet's smart features, can be commandeered by an outside invader. These toilets communicate with the phone app through Bluetooth, and therein lies the problem.

The Satis smart toilet, said the advisory, is controlled using the app My Satis. This Android application has a hard-coded Bluetooth PIN of "0000", so anyone can control any Satis toilet simply by downloading the app and entering the "0000" PIN. An attacker could cause the toilet to flush repeatedly. This would in turn raise water usage, and those who pay water bills could see an increase in costs on their utility bills.
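As an added example (not from the article, the Trustwave advisory, or the My Satis app), here is a simple review check a defender could run over decompiled app source to catch the class of bug described above: a digit-only literal or string constant handed to Bluetooth pairing. The source fragments are constructed, and the `dev.setPin(bytes)` call shape is an assumption modelled on Android's `BluetoothDevice.setPin(byte[])` API.

```python
import re
from dataclasses import dataclass

# Constructed sample in the style of decompiled Android source (not the My Satis
# app). The first fragment hard-codes the PIN; the second takes it from the user.
VULNERABLE_SRC = '''
public class SatisLink {
    private static final String PIN = "0000";
    void pair(BluetoothDevice dev) {
        dev.setPin(PIN.getBytes());
    }
}
'''

HARDENED_SRC = '''
public class SatisLink {
    void pair(BluetoothDevice dev, String userPin) {
        dev.setPin(userPin.getBytes());
    }
}
'''

@dataclass
class Finding:
    line: int
    pin: str
    reason: str

# A String constant initialised with a digit-only literal (a PIN candidate).
CONST_DECL = re.compile(r'String\s+(\w+)\s*=\s*"(\d{4,16})"\s*;')
# setPin(...) fed either a digit literal or an identifier, then .getBytes().
SET_PIN = re.compile(r'\.setPin\(\s*(?:"(\d{4,16})"|(\w+))\s*\.getBytes\(\)')

def scan_hardcoded_pin(src: str) -> list[Finding]:
    """Flag setPin() calls whose PIN is a literal or a constant declared in src."""
    lines = src.splitlines()
    consts = {m.group(1): m.group(2) for line in lines for m in CONST_DECL.finditer(line)}
    findings = []
    for lineno, line in enumerate(lines, 1):
        for m in SET_PIN.finditer(line):
            literal, ident = m.group(1), m.group(2)
            if literal:
                findings.append(Finding(lineno, literal, "literal PIN passed to setPin"))
            elif ident in consts:
                findings.append(Finding(lineno, consts[ident], f"setPin uses constant {ident}"))
    return findings

if __name__ == "__main__":
    print(scan_hardcoded_pin(VULNERABLE_SRC), scan_hardcoded_pin(HARDENED_SRC))
```

The vulnerable fragment yields one finding (PIN "0000" on the `setPin` line); the hardened fragment, whose PIN comes from user input, yields none.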

Attackers could also cause the unit to unexpectedly open and close the lid, or activate the bidet or air-dry functions. Depending on the victim's age and mental state, these acts might not be so funny and could cause fear or general distress, even though the damage is not lethal. According to Trustwave, the manufacturer has been notified about the vulnerability.

The Satis line of luxury toilets may cost anywhere from $2,385 to $4,657 depending on the model. They are loaded with features such as automated lids that open and close, heated seats with temperature control, sprays, music, and deodorizers. The line offers a bowel-movement tracker for those concerned with monitoring their health. At the end of last year, Lixil announced that in 2013 it would add something even smarter: a series of toilets that can be controlled by smartphone.

Lixil said that the My Satis Android app, which communicates with the toilet using Bluetooth, enables the user to operate its various functions from a handset.

News of the vulnerability has attracted many jokes and snarky metaphors. Apart from its entertainment value, though, the story is worth noting because it flagged a situation where a household fixture with a live connection to a smartphone can be exploited.

Interestingly, among the recent Black Hat 2013 presentations was one on "home invasion," in which Crowley took part, about the security risks posed by network-connected devices used in homes.

"Once upon a time, a compromise only meant your data was out of your control. Today, it can enable control over the physical world resulting in discomfort, covert audio/video surveillance, physical access or even personal harm," said the presentation notes.

More information: www.blackhat.com/us-13/briefings.html#Crowley
www.trustwave.com/spiderlabs/a … ies/TWSL2013-020.txt


1.5 / 5 (8) Aug 06, 2013
would they really want to spy on your anus?
2.3 / 5 (3) Aug 07, 2013
An attacker could cause the toilet to flush repeatedly...
Attackers could also cause the unit to unexpectedly open and close the lid, activate the bidet or air-dry functions.

And which brain-dead engineer (or more likely product manager) thought it was a good idea to have these functions remotely accessible at all? It's not like you EVER need to activate these while not in the immediate vicinity.
5 / 5 (1) Aug 07, 2013
Maybe some people forget to flush and only remember once they are out the door....
But(t), seriously, the only real 'advantage' that I can see for having one of these kinds of toilets, would be for people with a disability, who can't manage to raise/lower a seat or lid the 'normal' way or do certain other things that it takes to go to the toilet on one's own. Perhaps such a remote function might allow a Carer to do this for them, without having to touch anything potentially germy. But for the rest of us, such an item is a novelty 'show-off' item, not unlike a smart-toaster or fridge with a computer-screen in its door. For a person who only has a basic out-house (often a deep hole in the ground, called a longdrop, with a toilet on top, in a small shed), or more basic, a longdrop w/out the toilet (you stand or squat over it, very dirty), even a regular toilet and a bathroom that is internal to a house can feel like a luxury. Regards, DH66
not rated yet Aug 07, 2013
But, frankly, a dedicated 'traditional' remote control might have been a better idea. Much less hackable and cheaper to replace than a lost mobile phone. Having phones and apps might be handy, but it does tend to produce an overreliance on 'convenience' and 'high-tech'. More high-tech does NOT always mean 'better'. It can actually mean more 'problems', as this very example (and many others already talked about on this site) seems to illustrate so well.
Regards, DH66
PS Considering some of the crazy apps already out there, wait for the app that wipes your behind for you! I wouldn't be surprised if someone actually didn't develop one eventually...(smirk, facetious mode on)
3 / 5 (2) Aug 07, 2013
Maybe some people forget to flush and only remember once they are out the door....

There's already auto-flush mechanisms on the market (and since this is a high-end luxury toilet it wouldn't be too much to ask that it has that feature)
Perhaps such a remote function might allow a Carer to do this for them, without having to touch anything potentially germy.

Did my civil service time (instead of the usual, mandatory stint in the army) with disabled people (and kids with hyperactivity, speech impediments). If they are THAT disabled that they can't activate a toilet on their own then touching germy buttons is the least of your problems. Remote assistance on the toilet is not a use case.

such an item is a novelty 'show-off' item

This may be a Japanese thing. But I can't think of any social situations (or even kinky situations) where I'd show off a remote controlled toilet - especially since we're talking about people with serious disposable income.
not rated yet Aug 07, 2013
I was only being a devil's advocate and trying to think of scenarios where such an item might have a purpose, other than a spurious one. I wasn't actually thinking of psychiatric situations. It was far simpler to picture a double amputee, who might not be wearing their prostheses, in the middle of the night. They are usually otherwise mobile and usually capable. How would they flush that thing or wipe themselves? That thing is supposed to have a bidet action too. :)
Cheers, DH66
1 / 5 (1) Aug 07, 2013
Well, if he has his arms amputated then he'll probably have a hard time using his phone. (And somehow I can't see an amputee forgetting their prostheses. It seems like not putting them on is something you'd notice pretty quickly.)

Nah. Can't really think of a use case this 'feature' would be good for.
I think I'm going to google their marketing ploy and find out
2.6 / 5 (5) Aug 07, 2013

Nah. Can't really think of a use case this 'feature' would be good for.
I think I'm going to google their marketing ploy and find out

It's so when you're at the health food store, you can query your toilet as to the qualities of your poos. And it would have sent you the analysis (pun intended) when it was good and ready at your home, via bluetooth.
5 / 5 (1) Aug 07, 2013
Found it:

Well, waddaya know: It already does have auto-flush.

...and double 'power' deodorizers, in-built music as well as ambient lighting system (does anyone shit in the dark?). Sheesh.

No mention of bluetooth capability on their website. But at $5,700 a pop they're pretty pricey.

5 / 5 (1) Aug 07, 2013
Nice site, but you forgot to mention the following feature wrt the nether regions: "Users can also enjoy a massage feature offering both strong and mild streams." So even THAT can be done hands-free and you are already clean by the time you finish. Puts a new slant on 'having a good sit-in'! Some people might really, really enjoy that one. (smirk) Maybe there is a use for this toilet after all.....
I did find a site that mentions a remote-control. It seems that there is a difference between a semi-automatic toilet and a full automatic one. The latter appears to be the one requiring the remote:
Oh, and it wouldn't be the amputee using the phone, it would be the Carer :)
Cheers, DH66
