App Vulnerability Could Cause Toilet Terror

Smart toilet? Ha, more like scary toilet that can suddenly run amuck and squirt water up your butt.

Last December, Kotaku reported that Inax, a Japanese toilet brand, was rolling out an Android app called My Satis for the teched out Satis toilet. The app allows people to do basic things like flush (and select how much water they want to use), as well as operate the toilet's bidet and adjust water pressure via Bluetooth. Note the word "Bluetooth". It's important!

An iOS version is planned, and, so far, it seems like only the Android app has been released for Japan.

Security company Trustwave Holdings recently reported that the app has a fatal flaw that could cause all sorts of crap to go wrong.

Here are Trustwave's findings:

The "My Satis" Android application has a hard-coded Bluetooth PIN of "0000" as can be seen in the following line of decompiled code from the application:

BluetoothDevice localBluetoothDevice = BluetoothManager.getInstance().execPairing(paramString, "0000")

What does this mean? According to Trustwave, it means anyone with a My Satis application could control any Satis toilet by simply downloading the app and entering the "0000" PIN.

"Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user," Trustwave states.

Toilet lids closing on you! Random flushing! Wet backsides! And the fact that My Satis allows people to control the water pressure, too, means that this could be much, much worse.
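For anyone auditing their own app for the same mistake, here is an added example (not from Trustwave's advisory or the original post): a small Python check that scans decompiled Java source for pairing calls that are handed a fixed numeric PIN. Checking Android's setPin alongside the execPairing call Trustwave quotes, resolving simple String constants, and the sample source itself are assumptions made for the demo.

```python
import re

# execPairing is the call quoted by Trustwave; setPin is Android's
# BluetoothDevice.setPin(byte[]), added here as an assumption.
PAIRING_CALLS = ("execPairing", "setPin")
CALL_RE = re.compile(r"\b(" + "|".join(PAIRING_CALLS) + r")\s*\(")
PIN_LITERAL_RE = re.compile(r'"(\d{4,16})"')          # all-digit string literal
CONST_RE = re.compile(r'\bString\s+(\w+)\s*=\s*"(\d{4,16})"\s*;')
STRING = r'"(?:\\.|[^"\\])*"'                          # any Java string literal
TOKEN_RE = re.compile(STRING + r"|[()]")

# Constructed sample: only the execPairing statement comes from the advisory,
# the surrounding class and the setPin calls are invented for this demo.
SAMPLE = '''\
class PairingActivity {
    static final String DEFAULT_PIN = "1234";
    void connect(String paramString, String userPin) {
        BluetoothDevice localBluetoothDevice =
            BluetoothManager.getInstance().execPairing(paramString, "0000");
        device.setPin(DEFAULT_PIN.getBytes());
        device.setPin(userPin.getBytes());
    }
}
'''

def call_arguments(src, open_paren):
    """Return the text between the '(' at open_paren and its matching ')'."""
    depth = 0
    for tok in TOKEN_RE.finditer(src, open_paren):   # string tokens are skipped
        if tok.group() == "(":
            depth += 1
        elif tok.group() == ")":
            depth -= 1
            if depth == 0:
                return src[open_paren + 1:tok.start()]
    return src[open_paren + 1:]                      # truncated decompiler output

def find_hardcoded_pins(src):
    """Return (line, method, pin) for every pairing call given a fixed PIN."""
    constants = dict(CONST_RE.findall(src))          # e.g. DEFAULT_PIN -> 1234
    findings = []
    for m in CALL_RE.finditer(src):                  # works across line breaks
        args = call_arguments(src, m.end() - 1)
        bare = re.sub(STRING, '""', args)            # ignore names inside strings
        pins = PIN_LITERAL_RE.findall(args)
        pins += [constants[n] for n in re.findall(r"\b[A-Za-z_]\w*", bare) if n in constants]
        line = src.count("\n", 0, m.start()) + 1
        findings += [(line, m.group(1), pin) for pin in pins]
    return findings
```

Running find_hardcoded_pins(SAMPLE) flags the "0000" literal and the DEFAULT_PIN constant, and leaves the call that takes a user-supplied PIN alone.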

What's the world coming to when you can't even rest in the restroom and when hi-tech Japanese toilets aren't safe? Dark times, that's what. No word if Inax is going to flush out these possible problems with a patch. Until then, you might be safer on an analog throne.

Hard-Coded Bluetooth PIN Vulnerability in LIXIL Satis Toilet [Trustwave via Yahoo! Japan]

To contact the author of this post, write to bashcraftATkotaku.com or find him on Twitter @Brian_Ashcraft.
