Hack That Ass Up: Pricey Smart Toilets Vulnerable to Attack
Getting hacked is a bummer and can leave you feeling violated, but we can only imagine what it's like to get hacked in the most sacred room of the house: the bathroom. For those who own a luxury Satis toilet controlled by an accompanying smartphone application, it's entirely possible to fall prey to a hacker attack while you're doing your business.
These toilets cost in the neighborhood of $5,700 and feature automatic flushing, bidet spray, music, and even a fragrance release. Unfortunately, it also features a hardware flaw that could allow remote hackers to activate any of the toilets.
Researchers at Trustwave's Spiderlabs first noticed the vulnerability, pointing out that the toilet uses Bluetooth to communicate with the smartphone app and that every model is hardwired to be four zeros. This allows anyone with the app to reset the toilet and activate it.
"As such, any person using the 'My Satis' application can control any Satis toilet," Trustwave explains. "An attacker could simply download the 'My Satis' application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner."
An ornery attacker could also cause the toilet lid to unexpectedly open and close as well as activate the bidet or air-dry functions, "causing discomfort or distress to the users."
Since all this relies on Bluetooth technology, the attacker would have to be fairly close to pull off any of these stunts. That means the most likely scenario for these shenanigans would be that of a prankster, such as a brother messing around with this sister or vice versa.
Still, there's a lesson to be learned here. As more and more appliances become "smart," manufacturers will have to start paying special attention to security and any potential vulnerabilities.
These toilets cost in the neighborhood of $5,700 and feature automatic flushing, bidet spray, music, and even a fragrance release. Unfortunately, it also features a hardware flaw that could allow remote hackers to activate any of the toilets.
Researchers at Trustwave's Spiderlabs first noticed the vulnerability, pointing out that the toilet uses Bluetooth to communicate with the smartphone app and that every model is hardwired to be four zeros. This allows anyone with the app to reset the toilet and activate it.
"As such, any person using the 'My Satis' application can control any Satis toilet," Trustwave explains. "An attacker could simply download the 'My Satis' application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner."
An ornery attacker could also cause the toilet lid to unexpectedly open and close as well as activate the bidet or air-dry functions, "causing discomfort or distress to the users."
Since all this relies on Bluetooth technology, the attacker would have to be fairly close to pull off any of these stunts. That means the most likely scenario for these shenanigans would be that of a prankster, such as a brother messing around with this sister or vice versa.
Still, there's a lesson to be learned here. As more and more appliances become "smart," manufacturers will have to start paying special attention to security and any potential vulnerabilities.
