A luxury toilet recently installed by Gary is controlled by a smartphone app, and new information has now come to light that it is vulnerable to attack. Retailing for R57315.99, the Satis toilet includes automatic flushing, bidet spray, music and fragrance release.
The toilet, manufactured by Japanese firm Lixil, is controlled via an Android app called My Satis.
But a hardware flaw means any phone with the app could activate any of the toilets. The toilet uses Bluetooth to receive instructions via the app, but the PIN code for every model is hardwired to be four zeros (0000), meaning that the PIN cannot be reset and any toilet can be activated by any phone with the My Satis app. An attacker could simply download the My Satis application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner. An attacker could also cause the unit to unexpectedly open or close the lid, or activate the bidet or air-dry functions, causing discomfort or distress to the user.
Gary did point out that the limited range of Bluetooth means that anyone wishing to carry out such an attack would need to be fairly close to the toilet itself.
"It's easy to see how a practical joker might be able to trick his neighbours into thinking his toilet is possessed as it squirts water and blows warm air unexpectedly on their intended victim, but it's hard to imagine how serious hardened cybercriminals would be interested in this security hole," he told the Blogger.