Toilet DOS

A humorous news item today, as we are in the holiday period.

Japanese toilets are known to be extremely sophisticated.  The company LIXIL sells Bluetooth-powered toilets under the brand name SATIS.  There is even an application (My Satis) available on Google Play that drives your toilet from your Android phone. You can select the music played by the toilet, open or close the lid, and manage many other features.


What is the link with security?  The security company Trustwave SpiderLabs issued a security advisory about the LIXIL Satis toilet on August 1!  The application uses a hardcoded PIN of ‘0000’.   In other words, anybody with the application and within range of the toilet can take control of it.   I'll let you imagine interesting hacking scenarios…  According to the security advisory,

Attackers could cause the unit to unexpectedly open/close the lid, activate
bidet or air-dry functions, causing discomfort or distress to user.

In other words, a new breed of Denial of Service…

What I would like to understand is how a security analyst decided to have a look at the security of a toilet.  Nevertheless, it shows that security is not taken seriously today in most consumer devices, although they are more and more connected.  As proof, LIXIL did not react to this advisory for more than six weeks.

Thanks to MY for the pointer.
