Security experts have warned the high-tech loo, which can
play music and release fragrances, is vulnerable to cyber practical joker
A luxury toilet that is controlled by a smartphone could
give users a fright because it is vulnerable to attack by hackers.
Blasts of warm air or squirts of water could unexpectedly
surprise people as they go about their business , experts have warned.
Manufactured by Japanese firm Lixil, the Satis toilet
connects to Android app, My Satis, via bluetooth and allows users to flush,
play music and release fragrances.
However a report by information security experts,
Spiderlabs, say a hardware flaw could allow any phone within range to control
the £3,800 loo.
The pin code for every model was hardwired to 0000, making
the luxury lavatory a security hazard.
The report says: “An attacker could simply download the My
Satis application and use it to cause the toilet to repeatedly flush, raising
the water usage and therefore utility cost to its owner.
“Attackers could [also] cause the unit to unexpectedly
open/close the lid, activate bidet or air-dry functions, causing discomfort or
distress to [the] user.”
The limited range of bluetooth means that anyone wishing to
carry out such an attack would need to be fairly close to the toilet itself.
Security expert Graham Cluley said: “It’s easy to see how a
practical joker might be able to trick his neighbours into thinking his toilet
is possessed as it squirts water and blows warm air unexpectedly on their
intended victim, but it’s hard to imagine how serious hardened cybercriminals
would be interested in this security hole.
“Although this vulnerability seems largely harmless, what’s
clear is that companies building household appliances need to have security in
mind just as much as computer manufacturers.”
