As if the idea of your computer or smartphone being hacked wasn’t troubling enough, your own toilet could be the next target of a cyber-attack – thanks to a Bluetooth vulnerability with the commode’s Android app.
Increasingly, electronics manufacturers are pushing “always-connected” devices that can be controlled by smartphones via companion applications. Smart TVs, washing machines, air conditioning units, and even light bulbs can be controlled remotely, as long as Wi-Fi or Bluetooth has them tethered to a smartphone. The added convenience comes with added risk, as any device with a live connection could potentially be exploited by a savvy hacker.
Information security firm Trustwave posted an advisory earlier this week warning consumers of a Bluetooth security vulnerability that targets a specific range of Japanese luxury toilets. The weakness would allow anyone with an Android-powered smartphone to remotely operate any Inax Satis toilet with the My Satis app – due to the fact that the company hard-coded every porcelain throne with a Bluetooth PIN of “0000.”
High-tech toilets are a common sight in Japan. Western tourists to the Land of the Rising Sun are often mystified by the array of features that these super toilets offer – from the basic bidet and heated seat functions, to the otohime (“princess sound”) that masks any embarrassing sounds.
So what functions can a user control with the My Satis app? “Apart from activating the flush and checking in on the detailed defecation records stored by the commode, you can also activate the toilet's bidet and drying functions, summoning a jet of water or hot air from below,” reported The Verge.
While the vulnerability doesn’t necessarily put a user in danger, Trustwave pointed out that an attacker could cause a target’s utility bills to increase by continually forcing the toilet to flush. The worst that the bidet function could cause is “discomfort or distress” – and water damage for anyone who forgets to put the toilet’s lid down.
“These are the dangers of putting computers in objects that did not used to have computers,” said The Atlantic.
Trustwave has reached out to Inax regarding the potential security flaw, but the company has yet to issue a response. The Inax Satis toilet sells for about $4000.