Are you vulnerable to toilet attack?
You know what it’s like. You’re going for your morning evacuation and your luxury smart toilet starts flushing on its own. You wonder whether there’s a manufacturing problem. Then you realise it’s the work of your most hated business rival, who is flushing your toilet remotely using his Android app. He wants you to waste water! He’s trying to cause you discomfort by activating the bidet function up your jacksy! He’s closing the lid just as you sit down on it! Why I oughtta!
Well, this is an actual problem in real life, thanks to a design flaw in the Satis smart toilet, which retails for over $5000. Made in Japan by a company called Lixil, it can be controlled by Bluetooth via a smartphone app called ‘My Satis.’ The only problem is, the pin code for each model is factory set to 0000, which means it can’t be reset, so ANYONE could activate any toilet if they have the app.
Security experts at Trustwave Spiderlabs are so worried about it that they've published a report outlining the frightening risks to toilet users. ‘An attacker could simply download the My Satis application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.’
However, British security expert Graham Cluley played down the concerns, explaining that the limitations of Bluetooth mean you’d probably have to be quite near the toilet to activate it.
‘And it's hard to imagine how serious hardened cybercriminals would be interested in this security hole.’
(Huh huh. He said 'hole'.)
Still, I suppose it IS a form of cyber attack, and one for action movie scriptwriters to consider. Picture the scene. Jason Bourne wakes up not knowing who he is, with a toilet that flushes on its own and a prohibitively large bill from Thames Water.