One might presume the bathroom would be safe from online miscreants - one would presume wrong.
A security bulletin from Trustwave SpiderLabs tells of a flaw in the Android-based software that controls one of these new-fangled smart toilets that will let anyone bent on creating pure mayhem make the commode go absolutely nuts.
The dirty details from SpiderLabs:
The "My Satis" Android application has a hard-coded Bluetooth PIN of "0000" as can be seen in the following line of decompiled code from the application:
BluetoothDevice localBluetoothDevice = BluetoothManager.getInstance().execPairing(paramString, "0000")
As such, any person using the "My Satis" application can control any Satis toilet. An attacker could simply download the "My Satis" application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.
Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user.
"It's easy to see how a practical joker might be able to trick his neighbors into thinking his toilet is possessed as it squirts water and blows warm air unexpectedly on their intended victim, but it's hard to imagine how serious hardened cybercriminals would be interested in this security hole," security expert Graham Cluley told the BBC in a report about the toilet. "Although this vulnerability seems largely harmless, what's clear is that companies building household appliances need to have security in mind just as much as computer manufacturers."
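A static check for this class of bug, as an added example that is not part of the SpiderLabs bulletin or this article: it scans decompiled Java source for pairing calls that receive a digit-string literal as the PIN. Only the execPairing statement comes from the bulletin; the rest of the sample source, the function names and the inclusion of setPin as a second call to watch are assumptions made for illustration.

```python
import re

# Calls whose argument is used as a Bluetooth pairing PIN. execPairing is the
# call quoted in the bulletin; setPin is Android's BluetoothDevice.setPin(byte[]),
# included here as an assumption about where else a literal PIN could appear.
PIN_CALL = re.compile(r'\b(?P<call>execPairing|setPin)\s*\((?P<args>[^;]*)\)')
DIGIT_LITERAL = re.compile(r'"(\d{1,16})"')  # legacy PINs are at most 16 bytes


def is_trivial(pin):
    """True for a PIN of one repeated digit or a simple ascending/descending run."""
    return len(set(pin)) == 1 or pin in "0123456789" or pin in "9876543210"


def find_hardcoded_pins(source):
    """Return (line_no, call, pin, trivial) for each literal PIN passed to a pairing call."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in PIN_CALL.finditer(line):
            for pin in DIGIT_LITERAL.findall(match.group("args")):
                findings.append((line_no, match.group("call"), pin, is_trivial(pin)))
    return findings


# Constructed sample: line 1 is the statement quoted in the bulletin, the rest
# is made up to show a non-trivial literal, a runtime-supplied PIN and a
# string that is not a pairing argument.
SAMPLE = '''\
BluetoothDevice localBluetoothDevice = BluetoothManager.getInstance().execPairing(paramString, "0000");
localDevice.setPin("847261".getBytes());
BluetoothDevice other = BluetoothManager.getInstance().execPairing(paramString, userEnteredPin);
String label = "0000";
'''

if __name__ == "__main__":
    for line_no, call, pin, trivial in find_hardcoded_pins(SAMPLE):
        note = "trivial default" if trivial else "hard-coded"
        print(f"line {line_no}: {call}() uses literal PIN {pin!r} ({note})")
```

Any finding means the PIN ships inside the application and is the same for every unit; the trivial flag only marks values that could be guessed without even decompiling it.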