There is an old (very old) adage that says: if you connect it to the internet, it can be hacked. A more accurate one would be; if you can interact with it in any way, it can be hacked. We have seen this time and time again as the idea of remote administration and monitoring has taken off like a rocket. So far everything from Bluetooth keyboards to Wi-Fi accessible pace makers have been laid out to exploit. The makers of these products were only thinking of making these easier to use and keep track of. They never imagined that someone would use that same connection for malicious purposes (or simply did not bother to prepare for that). When many of these products were developed the idea of hacking on the level we see it was the stuff of fantasy so some of their failures can be excused (as long as they fix the issues). However, what cannot be forgiven is the continued lack of forethought when it comes to newer connected devices; especially something like a smart toilet.
However, the makers of a new smart toilet LIXIL (the model is the Satis) appear to have failed to protect their device. Now if you are thinking that the flaw here is something that only hardcore hackers can use then you will be rather upset. Instead it is a Bluetooth flaw so basic that LIXIL should be embarrassed that it even exists. The Satis is a smart toilet and as such it can be controlled remotely via an accompanying app called the My Satis (why anyone would want this is beyond me). This app connects to the toilet Via Bluetooth and allows you to control various functions including a water jet function, opening and closing the lid, air dry feature, massage (?), and even flushing the toilet. You can do quite a lot with this app, and the gang over at LIXIL hardcoded the security code for the Bluetooth connection to 0000… yes that means that ANYONE that has the app and a Bluetooth enabled smartphone can access and control your toilet.
Can you imagine the havoc someone could cause with this? You thought not having any toilet paper was bad; well imagine someone turning on the water jet in the middle of you… um doing your business. It would be a rather messy situation indeed. Although we are still at a complete loss as to why anyone would want a remote controlled “smart” toilet this is an issue that will need to be resolved for those that do. LIXIL should have anticipated that someone (jokingly or otherwise) would be interested in hacking (if this simplistic flaw can be called hacking) something as amusing as a remote controlled toilet and planned accordingly. Well there you have your dose of toilet humor for the day…
Tell us what you think about this in our Forum