Could hackers seize control of people’s toilets? It may seem like a silly question, but an increasingly connected world of smart devices is opening up new software security threats just about everywhere, including the restroom. Researchers at security company Trustwave Holdings recently announced they had discovered a vulnerability in a smart toilet app, underscoring the ubiquity of cybersecurity threats and giving hope to intrepid pranksters.
High-end Japanese toilet brand Satis makes a smart commode that can be controlled via an Android app called My Satis, Kotaku reported. The app allows owners to flush their toilet, adjust water levels and pressure, operate the bidet function and more via a Bluetooth connection. However, the application is hard-coded to include the default Bluetooth PIN “0000,” meaning that anyone with the My Satis app can seize control of any nearby toilet.
“An attacker could simply download the ‘My Satis’ application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner,” Trustwave warned in a security advisory. “Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user.”
While no patch currently exists, those availing themselves of the necessary can likely find a workaround by using a traditional, analog toilet. The stakes are relatively low, given the unlikely threat of a toilet hacker, but the flaw does hint at risks that go beyond the toilet bowl.
With the increasing prevalence of smart devices, more and more elements of the household will need to take software security into account. Some extra toilet flushes may not be particularly dangerous, but poorly configured smart devices on a network could provide an entry point to more sensitive data. As a result, all types of vendors will need to build more security into their products as they incorporate new software capabilities. Using tools such as static analysis software, manufacturers can implement a secure coding lifecycle and catch errors before they go live.
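As an added illustration (not code from Trustwave's advisory, the My Satis app, or any vendor tool), here is a minimal static check for the class of flaw described above: a Bluetooth pairing PIN written into the source as a literal. The Java sample, its class and field names, and the weak-PIN heuristic are constructed assumptions; `setPin` is the Android `BluetoothDevice` method.

```python
import re

# Constructed Java snippet for illustration; NOT code from the My Satis app.
SAMPLE_JAVA = '''\
public class ToiletLink {
    private static final String DEFAULT_PIN = "0000";
    private String userPin;  // entered by the owner at pairing time

    void pair(BluetoothDevice device) {
        device.setPin(DEFAULT_PIN.getBytes());
    }
    void pairSecure(BluetoothDevice device) {
        device.setPin(userPin.getBytes());
    }
    void pairInline(BluetoothDevice device) {
        device.setPin("1234".getBytes());
    }
}
'''

# A string literal assigned to an identifier whose name suggests a pairing secret.
ASSIGN_RE = re.compile(r'\b(\w*(?:pin|passkey)\w*)\s*=\s*"([^"]*)"', re.IGNORECASE)
# A string literal passed straight into setPin(...).
CALL_RE = re.compile(r'\bsetPin\s*\(\s*"([^"]*)"')


def is_weak(pin):
    """True for short all-digit PINs that are one repeated digit or a simple run."""
    if not pin.isdigit() or len(pin) > 6:
        return False
    return len(set(pin)) == 1 or pin in "0123456789" or pin in "9876543210"


def scan(source):
    """Return (line, identifier, literal, weak) for every hard-coded PIN found.

    Any hit means the secret ships inside the app; 'weak' marks guessable values.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]  # crude: ignore trailing line comments
        for m in ASSIGN_RE.finditer(code):
            findings.append((lineno, m.group(1), m.group(2), is_weak(m.group(2))))
        for m in CALL_RE.finditer(code):
            findings.append((lineno, "setPin", m.group(1), is_weak(m.group(1))))
    return findings


if __name__ == "__main__":
    for lineno, name, literal, weak in scan(SAMPLE_JAVA):
        print(f"line {lineno}: {name} = {literal!r} hard-coded, weak={weak}")
```

A non-weak literal is still reported, because any PIN embedded in a downloadable app is available to everyone who installs it; the `pairSecure` path, which uses a value supplied at pairing time, produces no finding.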
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.