UPDATE: A rep for Lixil, the company behind the toilet in question, tells Consumerist that American consumers need not worry about hacked toilets. “The Bluetooth technology is only available in Japan and does not apply to the INAX products sold in the U.S.A.,” says the rep in a statement.
If your high-tech toilet has been freaking out — lid going up and down, constantly flushing — it probably isn’t possessed by Gozer the Gozerian, but is probably just being remotely controlled by that snotty kid next door who refuses to make eye contact with you when you say hello.
The folks at security firm Trustwave say there is a rather obvious vulnerability with the technology used in the $5,900 Inax Satis smart toilet that leaves the pricy commode open to obnoxious hack attacks.
According to Trustwave, the Android app used to control the Satis has a hard-coded Bluetooth PIN of “0000,” which means that…
“any person using the ‘My Satis’ application can control any Satis toilet. An attacker could simply download the ‘My Satis’ application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.
“Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user.”
Trustwave says it told Inax about the vulnerability but has received no response. Likewise, our comment request to the company has also gone unanswered, though we will update if we hear back.
Holy sh*t! Smart toilet hack attack! [ArsTechnica]