The latest security vulnerability: Your Toilet



  • https://www.trustwave.com/spiderlabs/advisories/TWSL2013-020.txt

    @Toilet Security Warning said:

    The Satis is a "smart" toilet. It is controlled using LIXIL's "My Satis" Android application, which communicates with the toilet using Bluetooth.

    The "My Satis" Android application has a hard-coded Bluetooth PIN of "0000". As such, any person using the "My Satis" application can control any Satis toilet. An attacker could simply download the "My Satis" application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.

    Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user.
    Smart!!

     



  • It runs Java, right?



  • @Ben L. said:

    It runs Java, right?
    Because Java is crap!



  • @El_Heffe said:

    @Ben L. said:

    It runs Java, right?
    Because Java is crap!


    Everything runs Java poop



  • @Ben L. said:

    @El_Heffe said:

    @Ben L. said:

    It runs Java, right?
    Because Java is crap!

    Everything runs Java poop

     



  • WTF is the point in a so called "Smart Toilet", how is anyone who cannot operate a manual toilet going to be able to operate a smart phone App?

     



  • maybe it's a catch-all for people who get confused between swiping and wiping?



  • Just swipe your card in the crack. Pecunia non olet.



  • Eyugh - I wouldn't want to touch that guy's Android phone when he comes out of the bathroom...



  • @skotl said:

    Eyugh - I wouldn't want to touch that guy's Android phone when he comes out of the bathroom...
     

    You don't want to do that anyway, so no difference there.



  • @El_Heffe said:

    An attacker could simply download the "My Satis" application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.

    Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user.


    Wait... we have Bluetooth enabled toilets that allow you to lift the lid and flush remotely?

    WTF, why would you need to do this remotely? Does it send you notifications, like, "Full of Poo!"? Why would you need or even want that?



  • @CodeNinja said:

    @El_Heffe said:

    An attacker could simply download the "My Satis" application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.

    Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user.


    Wait... we have Bluetooth enabled toilets that allow you to lift the lid and flush remotely?

    WTF, why would you need to do this remotely? Does it send you notifications, like, "Full of Poo!"? Why would you need or even want that?

    When you flush, there are small shit fragments thrown in the air. Closing the lid and flushing remotely is a good solution, also you don't have to touch the handle. There is obviously a need for better security but overall this sounds like a good idea, especially if you can hook the app to the hvac and control how much air flow goes in the room.



  • @Ronald said:

    When you flush, there are small shit fragments thrown in the air.
     

    Dude, it's just flushing. I'm not kneading a likeness of my favourite person out of the material.



  • @El_Heffe said:

    It is controlled using LIXIL's "My Satis" Android application, which communicates with the toilet using Bluetooth.

    Situation Comedy:
    Episode 1: You see a man sitting on the toilet (with the "correct" camera angle so it's PG). Man fumbles with phone, drops phone in said toilet. Man can't flush toilet; can't get phone out of toilet (tries with plunger, you know...) Man can't call the plumber since phone is under water. Man has to go next door to borrow phone from cute female neighbor. When asked why, man stutters in embarrassment. Laugh track.


    Episode 2: Man off camera, to wife: "Sorry, you can't use the toilet now, my phone is out of power"


    Episode 3: Bathroom door is closed. Son's teenage friend comes over, son shows this cool new app he downloaded to friend. Friend takes phone, accidentally clicks on toilet control app. Man comes out of bathroom soaked with water; apparently the toilet bidet function was activated while he was sitting on toilet. Funny rant about technology and why a man can't even take a piss without technology screwing it up. Laugh track.


    Episode 4: Teenage son and friend, outside the house, hunkering down within some bushes. Man shown going into bathroom, uses phone to raise lid on toilet. Cut to teenage son using phone to close lid of toilet. Cut back/forth between man and son, until man gives up, gets in car, and drives to gas station to use the toilet. Laugh track.



  • @DrPepper said:

    Situation Comedy:
    Hopefully nobody in the TV industry is here.  It will be on next month.


    Coming in September!

    Can't Get No Satis faction

    Starring Jason Alexander, Kathy Griffin and Carrot Top

    with Don Rickles as Uncle Leo



  • @Ronald said:

    @CodeNinja said:
    @El_Heffe said:

    An attacker could simply download the "My Satis" application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.

    Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user.

    Wait... we have Bluetooth enabled toilets that allow you to lift the lid and flush remotely?

    WTF, why would you need to do this remotely? Does it send you notifications, like, "Full of Poo!"? Why would you need or even want that?

    When you flush, there are small shit fragments thrown in the air. Closing the lid and flushing remotely is a good solution, also you don't have to touch the handle. There is obviously a need for better security but overall this sounds like a good idea, especially if you can hook the app to the hvac and control how much air flow goes in the room.

     

    The target market might include people with OCD, less hygiene-conscious spouses, children, or a dorm as a habitat. If you notice an odor that hints at someone having forgotten to flush, you can just click in your phone, instead of braving the "cave of 1000 asses"...or what was it named again?

     




  • Considered Harmful

    @ender said:

    @El_Heffe said:

    JavaCard

    Wow, that doesn't sound like a terrible idea at all. No, sir.



  • @ender said:

    @El_Heffe said:

    JavaCard



    @Wikipedia said:
    Java Card refers to a software technology that allows Java-based applications (applets) to be run securely on smart cards and similar small memory footprint devices.



    Seems legit. I mean, they say it's secure right there in the description! What could possibly go wrong?



  • @El_Heffe said:

    @DrPepper said:

    Situation Comedy:
    Hopefully nobody in the TV industry is here.  It will be on next month.


    Coming in September!

    Can't Get No Satis faction

    Starring Jason Alexander, Kathy Griffin and Carrot Top

    with Don Rickles as Uncle Leo

    With Guest stars, Charlie Sheen and William Shatner!



  • @joe.edwards said:

    Wow, that doesn't sound like a terrible idea at all. No, sir.
    Most smartcards are based on this. There's also a variant that runs .net, and one that runs some sort of BASIC (but not vb.net).


  • Discourse touched me in a no-no place

    @galgorah said:

    With Guest stars, Charlie Sheen and William Shatner!
    Ah yes, the wood for the scenery.



  • @dkf said:

    @galgorah said:
    With Guest stars, Charlie Sheen and William Shatner!
    Ah yes, the wood for the scenery.
    Charlie Sheen already has a TV show.  But we can probably get one of his unemployed brothers cheap.  Time to get a kickstarter going and raise some money for this project.



  • @El_Heffe said:

    @Ben L. said:

    @El_Heffe said:

    @Ben L. said:

    It runs Java, right?
    Because Java is crap!


    Everything runs Java poop

     


    TRWTF is Windows XP


    Scratch that, TRWTF is JPEGs


    Scratch that, TRWTF is that window managers allow programs to disable their close button



  • I'm not sure what I'm more baffled by:



    -The fact that apparently this toilet is just always in pairing mode and will happily connect to any nearby device without having to at least press a button on it, like you do for every other Bluetooth device ever

    -The fact that this is a TOILET WITH BLUETOOTH CONTROL.



  • @lolwtf said:

    -The fact that this is a TOILET WITH BLUETOOTH CONTROL.

    Apparently when you use a toilet you're too far away to control it without a remote. At least that's what the Java people thought.



  • @lolwtf said:

    I'm not sure what I'm more baffled by:



    -The fact that apparently this toilet is just always in pairing mode and will happily connect to any nearby device without having to at least press a button on it...





    I'm guessing that the entire point is that you don't need to actually touch the toilet with anything but your upper thighs (or not even those, if you are one of those fuckwits who 'hovers' and thereby shits on the seat)

