The Satis toilet has a gaping security hole
If you just spent $5,600 on a brand new Japanese-made robotic toilet that can be controlled via an Android app, we have some very bad news for you – and some great news for the few friends you have left after that purchase.
We’re talking about the Satis toilet, made by the Japanese firm Lixil. The Satis toilet can be controlled over Bluetooth by an Android app called “My Satis”, which lets users remotely flush, release soothing odors, enable music and a lot of other things.
But a research firm has found quite a gaping security flaw in the toilet’s programming which would allow your friends, or rather a remote attacker, to control your toilet with any Android device. The problem lies in the fact that the Bluetooth PIN used to identify controlling devices is hardwired to be 0000, and can’t be changed or reset. This means that anyone with an Android phone that’s close enough can connect to the toilet and start messing about. The report warns:
"Attackers could [also] cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to [the] user."
It’s obvious that this is a very serious threat in today’s hyper-connected world, and one that we’ll all have to watch out for, now that you can’t even enjoy a few minutes on the throne anymore. Of course, the easiest way to fix this flaw would be to simply not buy a $5,600 robotic toilet that’s controllable via an Android app.