Trustwave has found a security hole in Lilix Satis toilets

Aug 5, 2013 06:41 GMT  ·  By

Security researchers from Trustwave SpiderLabs warn of the possibility of a hack attack against the Lilix Satis toilets, high-tech Japanese toilets that can be controlled remotely with a smartphone via Bluethooth. 

According to the advisory published by the IT security company, the “My Satis” Android application that’s used to control the toilet has a hard-coded Bluetooth PIN.

The PIN, “0000,” can be used to gain remote access to any Satis toilet and control its numerous functions.

“An attacker could simply download the ‘My Satis’ application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner. Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user,” experts noted.

Trustwave identified the issue back in June. Since then, it has attempted to contact the manufacturer three times, but they it hasn’t received a response.