August 5, 2013

Makers of toilet with remote flush left to blush over hardware fault

Luxury loos controlled by Android app ‘can be accessed by anyone’.

By Joe Curtis

Toilets controlled remotely by an app are vulnerable to attack, security experts have warned.

The luxury Satis toilet offers automatic flushing, a bidet spray as well as music to serenade customers while they are doing their business.

The toilet, which sells for up to £3,821, is controlled by an Android app called My Satis.

But a flaw means any phone with the app could activate any of Japanese firm Lixil’s Satis toilets, according to Trustwave’s Spiderlabs security experts.

The app sends instructions to the toilet via Bluetooth, but the PIN code that lets each toilet and app communicate is the same on every unit, meaning any toilet can be accessed by anyone with the app.

And because the code, 0000, cannot be reset, there is no patch to fix it, the experts added.

Their report said: "An attacker could simply download the 'My Satis' application and use it to cause the toilet to repeatedly flush, raising the water usage and, therefore, utility cost to its owner.

"Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user."
