Aw Crap, Toilets are Hackable

Remember when we only had to worry about our computer being hacked? Those were the days. Unfortunately, as technology improves and an ever-increasing number of otherwise mundane devices are outfitted with microchips and wireless connections, we’ve also seen a rise in security vulnerabilities in everything from mobile phones to pacemakers. And now, sadly (or hilariously), even our toilets aren’t safe.

Security company Trustwave issued an advisory last week that LIXIL’s Satis line of smart toilets is vulnerable to hackers with a penchant for pranks. Among the many vital features of the toilets are the capabilities to play music, raise the lid, flush, and operate the bidet with a Bluetooth connection and an Android app. Unfortunately for the unsuspecting toilet enthusiast, LIXIL hard-coded the Bluetooth PIN “0000” into all of their toilets. This means that any ne’er-do-well with a smartphone can download the “My Satis” app and control any Satis toilet.

An attacker could simply download the "My Satis" application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.  Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user. [Trustwave]

Here at SumRando, we’re wondering why anyone would need to remotely access a toilet. Perhaps they just like a fresh bowl?

And while hacking a toilet may be laughable for the security-minded (or anyone), the widespread neglect of basic security precautions in non-traditional wireless devices is a serious issue. Things like computer-controlled power grids, remote-controlled pacemakers, and digital medical records have dramatically improve our quality of life through greater efficiency and accuracy. But as we increase our connectedness, we also open ourselves up to substantial risk. Moving forward, it is essential that we include security and privacy in any discussion relating to technology. Unless we establish and prioritise cybersecurity best practices, we could find our progress flushed down the tubes.

You can try SumRando for free here.