A vulnerability in a toilet-control app leads to an unusual warning about potential bathroom hacking hijinks.
By: Amanda Kooser
Privacy has been big news lately after revelations of NSA activities hit hard. But apparently it's not just your phone calls and Internet activity you need to be concerned about. There could be hackers gunning for your toilet, too.
Security company Trustwave issued a warning about potential bathroom breaches of luxury Satis smart toilets from Lixil. The toilets can be controlled using an Android app, but the Bluetooth PIN is hard-coded to "0000." Just knowing that code number means the awesome power of the Satis could fall into evil hands. All a hacker would have to do is download the My Satis app, get in range, pair it to the toilet using the code, and flush away.
The Android app lets toilet aficionados trigger activities such as flushing and playing music. If a malicious hacker got in Bluetooth range and took control of your toilet, all sorts of havoc could ensue. You might have to listen to the combined sounds of Justin Bieber and constant flushing while you're trying to do your business.
"Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user," Trustwave cautions. Trustwave made several attempts to contact Lixil for a response, but the company has not yet commented on the issue.
The bigger mystery here may be why someone would want a remote control to flush a toilet, but it could be handy for absent-minded toilet users or germaphobes who want to minimize contact with the porcelain throne. With a starting price of around $2,400, you will pay for the privilege.
The security issue is real, though it's hard not to snicker about it. Perhaps an app update will take care of this matter of national security. If you've already been impacted by this issue, then you can finally rest easy knowing your toilet isn't haunted. It's just been hacked.