Now even toilets aren’t safe from hacking

  • @susborne

In the latest messy development from the world of hacking, an information security firm has warned that a hi-tech Japanese toilet is vulnerable. What could possibly go wrong?

The £4,000 Satis loo, made by Lixil, is so advanced that users may control it with a mobile phone app (it ought to be called crAPPr but Lixil went with “My Satis”) that can activate functions including a bidet spray, motorised seat and music player.

The problem, warns the US company Trustwave, is that loos have the same pin number, which cannot be changed, allowing anyone with the app to control any nearby Satis toilet.

“Attackers could cause the unit to unexpectedly open the lid, activate bidet or air-dry functions, causing discomfort or distress to the user,” it said.

It’s hard to imagine any reason to hack a loo other than as part of some messy prank, but the rise of wirelessly controlled devices is presenting real and even deadly threats.

Barnaby Jack, a hacker who sought to expose security flaws in such gadgets, was due to demonstrate this month how a pacemaker could be hacked to increase heart rates to fatal levels from 50 feet away (think that episode of Homeland).

But Jack, who had previously hacked cash machines and said that defibrillators and insulin pumps were also vulnerable, was found dead in a San Francisco apartment last month. A cause of death has not yet been established, while conspiracy theories rage.

Equally alarmingly, researchers at the University of Texas have shown how ships or even military drones that rely on GPS navigation systems can be hacked and then steered without raising alarms using low-cost equipment.