A luxury toilet has developed an interesting vulnerability. Users can interact with their Satis toilet (ahem) by smartphone. But so can any user with the Satis smartphone app.
The toilet uses Bluetooth to receive instructions via the app, but the PIN code for every model is hardwired to be four zeros (0000), meaning that it cannot be reset and can be activated by any phone with the My Satis app, a report by Trustwave's SpiderLabs information security experts reveals.
Oh yes. Like the toilet's website says, "Satis takes you to an unimagined new level." The possibilities:
"An attacker could simply download the My Satis application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner," it says in its report.
"Attackers could [also] cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to [the] user."
Pranks and accidents galore. Now imagine situations where the toilet acts up, but there's nobody else nearby.
"It's easy to see how a practical joker might be able to trick his neighbours into thinking his toilet is possessed as it squirts water and blows warm air unexpectedly on their intended victim..."
(image from the Satis site, which has some other gems)