{"id":2424,"date":"2013-10-08T10:08:32","date_gmt":"2013-10-08T14:08:32","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=2424"},"modified":"2020-02-26T18:57:51","modified_gmt":"2020-02-26T14:57:51","slug":"hacking-a-toilet","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/hacking-a-toilet\/2424\/","title":{"rendered":"Hacking A&#8230;Toilet"},"content":{"rendered":"<p>Go ahead and add toilets to the increasingly long list of <a href=\"https:\/\/www.kaspersky.com\/blog\/securing-the-internet-of-things\/\" target=\"_blank\" rel=\"noopener nofollow\">hackable consumer devices<\/a> we\u2019ve been compiling here on <a href=\"https:\/\/www.kaspersky.com\/blog\/\" target=\"_blank\" rel=\"noopener nofollow\">the Kaspersky Daily<\/a>.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/10\/05102020\/toilet_title_EN.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2864\" alt=\"toilet_title_EN\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2013\/10\/05102020\/toilet_title_EN.jpg\" width=\"640\" height=\"420\"><\/a><\/p>\n<p>In fact, one of the researchers at <a href=\"https:\/\/www.kaspersky.com\/blog\/black-hat-security-conference\/\" target=\"_blank\" rel=\"noopener nofollow\">this year\u2019s Black Hat security conference<\/a> touched on the subject briefly in a press conference at the event. 
While I would have loved to have written about it at the time, <a href=\"https:\/\/www.kaspersky.com\/blog\/podcast-mobile-hacks-on-blackhat\/\" target=\"_blank\" rel=\"noopener nofollow\">I ultimately decided to focus on more impactful stuff<\/a>, but I made a mental note and promised myself that I would come back to it.<\/p>\n<p>Some researchers from Trustwave, an application security firm, issued a security advisory back in August, warning users that the SATIS smart toilet Android application contained a hard-coded <a href=\"https:\/\/www.kaspersky.com\/blog\/bluetooth-security\/\" target=\"_blank\" rel=\"noopener nofollow\">Bluetooth<\/a> verification PIN. The PIN is \u201c0000,\u201d and entering it could allow an attacker within Bluetooth range to manipulate some of the toilet\u2019s features. Once that PIN is entered, one Android device can communicate via Bluetooth with any number of Satis smart toilets in range.<\/p>\n<p>In brief, owners of these smart toilets are exposing themselves to serious practical joke- and unfortunate accident-related risks.<\/p>\n<div class=\"pullquote\">It\u2019s not exactly hacking an insulin pump or a car, but a remotely triggered toilet malfunction sounds pretty awful to me.<\/div>\n<p>More specifically, an attacker, if one ever desired to do so, could install the \u201cMy Satis\u201d app, enter the Bluetooth PIN, pair their device with however many Satis smart toilets are within range (and let\u2019s be honest: if you have one smart toilet, you have multiple smart toilets), and launch a handful of attacks ranging from the marginally troubling to the outright devastating. 
The attacker could \u2013 in Trustwave\u2019s words \u2013 \u201ccause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.\u201d<\/p>\n<p>More concerning yet (at least to me), an attacker could compel the Satis smart toilet\u2019s lid to open and close or even activate the bidet or air-dry functionalities \u2013 again, in Trustwave\u2019s words \u2013 \u201ccausing discomfort or distress to user.\u201d<\/p>\n<p>It\u2019s not exactly hacking an <a href=\"https:\/\/www.kaspersky.com\/blog\/hacking-humans\/\" target=\"_blank\" rel=\"noopener nofollow\">insulin pump<\/a> or <a href=\"https:\/\/www.kaspersky.com\/blog\/car-hacking\/\" target=\"_blank\" rel=\"noopener nofollow\">a car<\/a>, but a remotely triggered toilet malfunction sounds pretty awful to me.<\/p>\n<p>I am not sure what you can do to protect yourself on this one. It appears that the company that develops the Satis smart toilet, LIXIL, has not yet fixed this bug. I guess you could send them a barrage of emails demanding they do so; that\u2019s one option. These toilets also have a thing called \u201cpairing mode\u201d apparently. The guys at Trustwave say that the hard-coded PIN and the Android app will only work if the toilets have this \u201cpairing mode\u201d feature enabled. They say you could still cause a toilet to pair with an Android device even if pairing mode is off, but this would only be possible \u201cby observing Bluetooth traffic to learn the toilet\u2019s hardware address and pair with the toilet,\u201d and that sounds pretty complicated. So, on one hand, it\u2019s probably a pretty good idea to turn off pairing mode, but, on the other hand, what is the point of owning a smart toilet if you can\u2019t send it commands from your mobile device? 
It\u2019s a complicated world\u2026<\/p>\n<p>I can\u2019t say for certain, there are a lot of strange people out there after all, but I have to think most Satis users will be safe from these attacks \u2013 given there aren\u2019t too many pranksters in the house. There isn\u2019t much monetary incentive to turn on the bidet when someone is using the toilet. The hard reality here is that Satis users are just going to have to live with the fact that multiple Android devices can communicate with a single toilet, allowing pretty much anyone within range to accidentally (or not-so-accidentally) initiate one of the toilet\u2019s features through the My Satis app on his or her Android device.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Go ahead and add toilets to the increasingly long list of hackable consumer devices we\u2019ve been compiling here on the Kaspersky Daily. In fact, one of the researchers at this<\/p>\n","protected":false},"author":42,"featured_media":2425,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[82],"class_list":{"0":"post-2424","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-hacking"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/hacking-a-toilet\/2424\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/hacking-a-toilet\/2525\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/hacking-a-toilet\/2657\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/hacking-a-toilet\/2500\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/hacking\/","name":"hacking"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2424","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp
\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=2424"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2424\/revisions"}],"predecessor-version":[{"id":15633,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2424\/revisions\/15633"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/2425"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=2424"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=2424"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=2424"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}