×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Latest Security Vulnerability: Your Toilet

samzenpus posted about 8 months ago | from the reverse-the-flow dept.

Japan 211

NobleSavage writes "We all knew it was just a matter of time. With the rush to put more and more appliances on-line Japanese toilet-maker Satis, one of Japan's largest commode companies, has finally networked the toilet. Just as you would have predicted, the information security company Trustwave Holdings has published an advisory regarding Satis-brand toilets. According to Trustwave, every Satis toilet has the same hard-coded Bluetooth PIN, which means any person using the 'My Satis' [Android] application can control any Satis toilet."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

211 comments

obligatory (5, Funny)

kcmastrpc (2818817) | about 8 months ago | (#44472637)

oh shit!

Re:obligatory (1)

Anonymous Coward | about 8 months ago | (#44472755)

The security of that thing is down the drain.

Re:obligatory (5, Funny)

Jetra (2622687) | about 8 months ago | (#44472807)

I heard of crapware, but this takes the cake.

Re:obligatory (0)

c0lo (1497653) | about 8 months ago | (#44472949)

oh shit!

Business opportunities:
* security suite for crapware
* cyber insurance [slashdot.org]
* ultimately, government intervention for "Too big to FALL" cases. Bonus points for TSA "pat down" and FBI infiltration [slashdot.org]. Careful with whistle-blowers though, the fan is on.

Re:obligatory (0)

Anonymous Coward | about 8 months ago | (#44473455)

* ultimately, government intervention for "Too big to FLUSH" cases. Bonus points for TSA "pat down" and FBI infiltration [slashdot.org]. Careful with whistle-blowers though, the fan is on.

^ FTFY

Re:obligatory (1)

Anonymous Coward | about 8 months ago | (#44473631)

"I Pee" spoofing at its worst. And imagine the kernel dumps if you run the Korn shell.

"We all new" (5, Insightful)

Anonymous Coward | about 8 months ago | (#44472671)

I stopped reading right there.

Re:"We all new" (1)

ls671 (1122017) | about 8 months ago | (#44472827)

We're all new, it was just a matter of time.

Here, fixed it.

I am glad the new age finally begins.

Re:"We all new" (1)

agm (467017) | about 8 months ago | (#44473049)

Indeed. Are any articles reviewed before being posted? It would appear not - either that or neither the poster nor the reviewer can speak the good England.

hackers control toilets (-1, Redundant)

frovingslosh (582462) | about 8 months ago | (#44472679)

Oh shit

Re:hackers control toilets (3, Funny)

ls671 (1122017) | about 8 months ago | (#44472879)

All kinds of agencies will now be able to gather more very valuable information about yourself too...

Heck even Google will now be able to target you with diarrhea ads instantaneously! Insurance companies can now tell that you are an heavy beer drinker etc. Possibilities are endless...

Hey, now the DEA can oin the NSA... (1)

Ellis D. Tripp (755736) | about 8 months ago | (#44473241)

in the illegal spying. game. They just need to have the company install a networked trace metabolite and flushed contraband detector.

Re:hackers control toilets (3, Interesting)

fermion (181285) | about 8 months ago | (#44473941)

This is pretty common. For instance some people permanently place ODB devices in their cars that hook up with bluetooth or wireless. The setup on these devices may or may not be the same key. Both broadcast, so one can potentially hack into a car.

The threat on these, really, does exist. In certain situation susceptibility to traffic analysis is a security risk. For instance, in a home invasion, assuming that one washing after going to the toilet, it might provide an interval of venerability.

Did you bidet? (0)

Anonymous Coward | about 8 months ago | (#44472683)

Thousands of people in Japan are getting hot water sprayed up their asses right now. In other news, some Japanese toilets can be hacked.

Re:Did you bidet? (3, Funny)

ebno-10db (1459097) | about 8 months ago | (#44473445)

Thousands of people in Japan are getting hot water sprayed up their asses right now.

Do they consider that desirable or undesirable? Japanese culture has always been a bit difficult for me to understand.

Re: Did you bidet? (0)

Anonymous Coward | about 8 months ago | (#44473537)

Bidets are common in a lot of places. They keep your ass far cleaner than wiping.

Re: Did you bidet? (1)

TheSeatOfMyPants (2645007) | about 8 months ago | (#44473971)

Not if you know how to wipe properly & have decent TP. The benefit in bidets is that they avoid the risk of getting germs on your hands; most people that grew up using TP know how to use it to get their butts completely clean under normal circumstances.

Re:Did you bidet? (1)

TheSeatOfMyPants (2645007) | about 8 months ago | (#44473877)

Thousands of people in Japan are getting hot water sprayed up their asses right now.

Do they consider that desirable or undesirable? Japanese culture has always been a bit difficult for me to understand.

Well, *up* the ass wouldn't be, but *on* the ass would be desirable (if it's not too hot) since it's the expected function of a bidet. (I've never used or even seen one, all I did was read the Wikipedia article [wikipedia.org].)

Modding... (1)

Anonymous Coward | about 8 months ago | (#44472699)

Cannot wait for the modding community to start their work.

rly? (0)

Anonymous Coward | about 8 months ago | (#44472715)

Great the way Trustwave publishes that they missed the point these things were designed to be as simple as possible.

Re:rly? (5, Funny)

icebike (68054) | about 8 months ago | (#44472933)

Great the way Trustwave publishes that they missed the point these things were designed to be as simple as possible.

As "simple as possible" would be to leave the bluetooth OUT of the commode.

We've had flush toilets (of one form or another) since the 31st century BC.
None of my electronic devices need to communicate with my toilet. They pretty much live in fear of that dam thing.

Re:rly? (0)

Anonymous Coward | about 8 months ago | (#44473291)

They pretty much live in fear of that dam thing.

If your toilet is damming up that much, you should reconsider your diet.

Does this piss you off? (0)

Anonymous Coward | about 8 months ago | (#44472723)

Well that just gives me the shits!!!

The NSA (4, Funny)

girlintraining (1395911) | about 8 months ago | (#44472733)

The NSA reports it just upgraded the terror alert level to brown after receiving numerous reports that people are using single-ply and not washing their hands after. Remain calm, citizen. The NSA is not in your toilet. Only metadata on your toilet habits are being collected. Remember, a courtesy flush isn't just patriotic, It's The Law(tm).

Re:The NSA (1)

bejiitas_wrath (825021) | about 8 months ago | (#44472767)

Just like the infamous Reverse Cowgirl episode of South Park where the TSA took over the toilets: south-park-new-episode-takes-tsa-toilet-seat-gender-war-video-425858 That could happen too... Remember to wear your safety belt.

As John Crapper intended? (0)

Anonymous Coward | about 8 months ago | (#44472735)

How complicated does a toilet need to be?

Honestly they bing this kind of thing on themselves.

Don't add features you don't want someone to try an exploit.

Re:As John Crapper intended? (1)

TWX (665546) | about 8 months ago | (#44472821)

Heh. I like my toilets more complicated than a short, narrow trough in the ground, but a large portion of those that even have flush toilets have just that...

The only existing fancy technology from a use-perspective that makes sense is the integrated bidet. The new types of technology that can make the toilet experience better have only to do with form factor. Changing the shape of the seat and the size of the opening, and changing the height of the bowl. In short, these changes would make the toilet less uncomfortable to sit on, and will allow one to get off of the toilet if one is infirm.

I don't see how using the toilet is improved by being a multimedia experience, though I suppose it would be funny if every time a solid dropped in, the toilet played the Mario Brothers' coin-collect sound...

Re:As John Crapper intended? (1)

ls671 (1122017) | about 8 months ago | (#44472975)

The only existing fancy technology from a use-perspective that makes sense is the integrated bidet.

Not sure I would like that hygiene wise. Washing your bum in the toilet?

Re:As John Crapper intended? (2)

TheSeatOfMyPants (2645007) | about 8 months ago | (#44473833)

A lot of them feel the same way about toilet paper... AFAIK the jets of water do an excellent job on their own without the person touching themselves, so the people used to them feel that using TP results in getting our hands filthy with germs and the urine/feces being smeared around & left behind in a thin hopefully-undetectable layer.

Re:As John Crapper intended? (3, Funny)

BrokenHalo (565198) | about 8 months ago | (#44472823)

Honestly they bing this kind of thing on themselves.

Ah, a Microsoft toilet. That explains it.

Re:As John Crapper intended? (2)

osu-neko (2604) | about 8 months ago | (#44473085)

How complicated does a toilet need to be?

This is Japan we're talking about. A toilet requires a 38-button control panel with a liquid-crystal display. I wish I was joking... [wikipedia.org]

Re:As John Crapper intended? (3, Funny)

Quasimodem (719423) | about 8 months ago | (#44473323)

I certainly hope "Ready to Receive" is its default position, because I'd sure hate to run through the pre flight checklist whilst doing the happy toilet dance.

Re:As John Crapper intended? (3, Interesting)

ebno-10db (1459097) | about 8 months ago | (#44473487)

A toilet requires a 38-button control panel with a liquid-crystal display. I wish I was joking... [wikipedia.org]

I especially like the large buttons with the butt wash and butt dry symbols. For once those kind of symbols seem intelligible. Very accommodating to foreign travelers too. If I encountered one of these in a public restroom in Japan I might be able to figure out basic operations despite being unable to read Japanese. I wonder what the display looks like when it issues the warning "Overload imminent - gaijin buttocks detected".

Re:As John Crapper intended? (4, Interesting)

Gogo0 (877020) | about 8 months ago | (#44473945)

people here are very resource-concious after the quake and tsunami. we also have toilets with built-in bidet that have many settings (water temperature, spray strength, pattern, location, toilet seat temperature, etc). my toilet has a small control panel on the wall, most have them built into the seat (captain picard's captain seat, style). this is likely to program the toilet, but i would imagine it also offers water use stats. i heard that it is approximately 100 yen per flush for most people, but of course that depends on your utility, toilet, regular or big flush, and other factors. i can configure my toilet easily enough, but tracking my flushes (and friends', girlfriend's) would be a pain.

for the record, i and others track our energy/water/gas usage to better understand our habits and be more resource-efficient (though for me, really just to save money).

Bluetooth support in Linux is shit! (0)

Anonymous Coward | about 8 months ago | (#44472743)

Quite right it is used for a toilet.

Crap engineering (0)

Anonymous Coward | about 8 months ago | (#44472769)

Seriously, who programs it that way and thinks it's going to be OK?

Re:Crap engineering (2)

pipatron (966506) | about 8 months ago | (#44473029)

Could be they underestimated the reach of Bluetooth, or underestimated the cost of water for flushing.

Or perhaps you are overestimating both? Will the signal go 10 metres through concrete walls? Will flushing the toilet amount to any more than spare change in the long run? I honestly wouldn't know, I live in a part of the world where getting clean water isn't much of a problem.

Re:Crap engineering (0)

Anonymous Coward | about 8 months ago | (#44473461)

Perhaps a study should be about the fucken dumb-shits that had too much time on their hands and need to dream up a project to show they are not expendable. When the shit hits the fan and corporate figures out how they pissed time and money away, there's going to be a great deal of crap to deal with. Using the KISS principle (keep-it-simple stupid) the operation of the common toilet is good enough. Imagin all the shit it has to put up with durning a life time without the need for net work. Listen up commode Stais company, you have pegged my fucken stupid idea meter, the dial doesn't go up any higher.

Size and storage? (0)

Anonymous Coward | about 8 months ago | (#44472771)

The question is, what is its internal storage size after OS installation?

Re:Size and storage? (1)

Anonymous Coward | about 8 months ago | (#44472831)

Also, how often are its memory leaks, and how does one analyze core dumps with it?

This isn't going to go well (0)

Anonymous Coward | about 8 months ago | (#44472773)

Let the toilet humor begin...

Finally, a bit of news. (4, Interesting)

Anonymous Coward | about 8 months ago | (#44472829)

If people can get their heads out of the gutter for a moment, this is really the kind of news that has a higher impact than believed. One could rack up quite a water bill for a unliked neighbor, and kids will have no end to the fun of flushing other's toliets, again leading to fresh water waste. There isn't as much fresh water as people would like to have, and on an island like Japan, I'd imagine that such waste would be felt quite dearly.

Re:Finally, a bit of news. (1)

ebno-10db (1459097) | about 8 months ago | (#44473523)

If people can get their heads out of the gutter for a moment ...

If you can't see the humor in a hacked toilet, you're either too stuck up to be tolerable, or too humorless to remain sane.

Re:Finally, a bit of news. (1, Funny)

Dragonslicer (991472) | about 8 months ago | (#44473661)

If you can't see the humor in a hacked toilet, you're either too stuck up to be tolerable...

So you're saying they might be a bit anal retentive?

Re:Finally, a bit of news. (1)

phantomfive (622387) | about 8 months ago | (#44473593)

Japan gets between 20 and 45 inches of rain a year in most of the country, I don't think they're hurting for water, even if they are on an island.

SNMP MIB (1)

mejustme (900516) | about 8 months ago | (#44472837)

I would hate to see the SNMP MIB for a networked toilet. Sure, a commercial place (think airport, or large shopping mall) could use it to keep a handle on which bathroom needs to be cleaned, but... Some variables are not meant to be polled. I don't want my SNMP software to tell me the size or texture of objects flushed, etc.

More networking of stuff that shouldn't be (0)

Anonymous Coward | about 8 months ago | (#44472853)

Just because we can do something does not mean that we should. There is no logical reason to network the local commode. If I need to flush the toilet, I can push the button directly. I don't need to find my phone, open an app, scroll through the menu and push a button there. I see the same sort of cluelessness in Comcast commercials for their security system. I don't think anyone needs the ability to set their home's thermostat from half-way around the world. It is yet another "needless" feature designed to leak information to people who do not need to know but thinks they can make a buck off of it.

Re:More networking of stuff that shouldn't be (3)

Blaskowicz (634489) | about 8 months ago | (#44473607)

Setting the thermostat seems good. Went on a trip and forgot/didn't bother to turn heat off?, you can do it. Coming back home in the freezing winter?, turn it on some hours before you get back home or even have something like "I want 19C by 8:00 PM" and the computerized system figures out how to make it happen cheapest.

At the least I'd like to be able to know how much my stuff is consuming electricity (global wattage, fridge, water heater..) and figure out if anything is not working properly (such as the fridge eating too much) and be able to fucking read it from my desktop. With daily, weekly, monthly ect power usage charts. Computer security is a big problem with stuff like that, sure.

Funnily the crapper maybe can be networked so it reports a leak! It doesn't need two-way communication though, just send a signal to the central computer.

Thats just crappy security. (1)

Anonymous Coward | about 8 months ago | (#44472863)

They should can their programmers.

Revenge (3, Funny)

Tablizer (95088) | about 8 months ago | (#44472871)

Suppressed, insulted, and downtrodden for thousands of years, excrement has finally found an ally in technology to enact both escape and revenge upon humanity, their former slave-masters. Poop will finally rule the Earth like it was meant to; no longer confined to tubes and toilets. Freedom awaits; time to raise a stink!

Re:Revenge (2)

Ol Olsoc (1175323) | about 8 months ago | (#44473775)

Poop will finally rule the Earth like it was meant to; no longer confined to tubes and toilets. Freedom awaits; time to raise a stink!

Sure, but it will have to do it in excremental steps.

Surprised me (5, Funny)

CODiNE (27417) | about 8 months ago | (#44472883)

Didn't expect the pin vulnerability. I thought it would be an overflow problem.

Re:Surprised me (1)

Anonymous Coward | about 8 months ago | (#44473023)

"I thought it would be an overflow problem."

From the advisory [trustwave.com]:

The "My Satis" Android application has a hard-coded Bluetooth PIN of "0000" as can be seen in the following line of decompiled code from the application:

BluetoothDevice localBluetoothDevice =
BluetoothManager.getInstance().execPairing(paramString, "0000")

As such, any person using the "My Satis" application can control any Satis toilet. An attacker could simply download the "My Satis" application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner.

Re:Surprised me (0)

Anonymous Coward | about 8 months ago | (#44473257)

A stack overflow would be particularly traumatic.

However most household bathrooms are already subject to DoS attacks when there are females present.

Re:Surprised me (1)

roman_mir (125474) | about 8 months ago | (#44474005)

I, on the other hand, am concerned about inconsistent flushing of the input streams and core dumps.

Good thing (0)

Anonymous Coward | about 8 months ago | (#44472903)

that toilet seat belts are not vulnerable yet.

Why? (5, Insightful)

Cordus Mortain (3004429) | about 8 months ago | (#44472931)

I mean really - why would you network a toilet?

Re:Why? (0)

Anonymous Coward | about 8 months ago | (#44473207)

And a while back I asked why a computer mouse needs to access the internet. No one listened then either.

Re:Why? (1)

TFlan91 (2615727) | about 8 months ago | (#44473543)

Haven't you seen South Park? What if you left the seat up and some woman needed to pee?!!?! We all know woman can't take the extra 2 seconds to check if the seat is down, instead she will call you and ask you to lower it even thought youre at work!! Just remote in and lower the seat, bam!

Re:Why? (1)

Nemyst (1383049) | about 8 months ago | (#44473615)

Can't you see how convenient this is with the Internet and all? If the tubes are clogged, now you can just flush your toilet.

Re:Why? (1)

hurwak-feg (2955853) | about 8 months ago | (#44473669)

I mean really - why would you network a toilet?

A turd tax? For each turd flushed, one must pay a .$05 tax. It costs money to decompose biodegradable material, its not like things like bacteria and plants are going to eat it...Oh yea, that is how that works.

Maybe connect the toilets to the showers, so one can't flush when another is in the shower? This seems like a joke project a very bored engineer came up with.

the short answer is: telemedicine (5, Insightful)

circletimessquare (444983) | about 8 months ago | (#44473979)

it's basically an upgraded version of traditional Chinese physicians smelling the emperor's feces as a diagnostic tool

chemical assays of one's urine and feces can test for many health concerns, monitor your diet, and if your medicines need to have their doses adjusted

you'd sit on your toilet in the morning, and then get a message from your doctor saying there's elevated levels of marker in your urine and he wants you to come in the office to check something out

that's the utopian vision anyways

for the dystopian vision, check out all the other comments here

Ewwww (0)

Anonymous Coward | about 8 months ago | (#44473033)

I'm no so sure I need to flush the toilet using an android app - especially not without washing my hands first..gross..

Some germophobe will probably tout that as a feature, now you can flush without even needing to touch the handle - oh wait, we already have automatic flushometers..

Good grief! (0)

Anonymous Coward | about 8 months ago | (#44473053)

Good grief!!

Ur Ine Trouble Now, World... (2)

j_presper_eckert (617907) | about 8 months ago | (#44473113)

...what kind of a society do we live in when not even our "IP" address is safe??? Time to re-check my chlorine-bleach-based firewall; you never know what nefarious trouble is in the pipeline.

Oh God - stack overflow!

Oh the possibilities... (1)

BioTitan (2624413) | about 8 months ago | (#44473433)

I'm not sure I want to know what people can do by hacking your toilet.

Re:Oh the possibilities... (3)

TheSeatOfMyPants (2645007) | about 8 months ago | (#44473675)

Well, since it's a Japanese toilet, probably a lot -- Wikipedia [wikipedia.org] listed some of the *basic* features:

While the toilet looks like a Western-style toilet at first glance, there are numerous additional features—such as blow dryer, seat heating, massage options, water jet adjustments, automatic lid opening, automatic flushing, wireless control panel, room heating and air conditioning for the room—included either as part of the toilet or in the seat. These features can be accessed by an (often wireless) control panel attached to the seat or mounted on a nearby wall.

Please explain this to me (0)

Anonymous Coward | about 8 months ago | (#44473587)

I don't know the ins and outs of the way Bluetooth pairing works, but I do know that there are many BT devices out there with hardcoded PINs used for pairing and nobody has ever cried "security hole" about them. What makes this toilet different from a device security point of view? If you can't get physical access to set the toilet into pairing mode, can you still access it remotely?

Why don't we have these in the west? (0)

Anonymous Coward | about 8 months ago | (#44473617)

Can't find them in stores here for some reason. I would save a fortune on toilet paper, shit smears and I have a hairy ass too. I don't want shit stains, and yes I dampen the toilet paper before wiping, and alternate with dry, but I end up with haemorrhoids and bleeding from the amount of wiping it takes sometimes. No, it's not from straining to take a shit, I eat enough fiber and it comes out easily. I also use the squatting method mostly to put less strain on my body... (enough straining and you won't be able to control your bowels when you're older, and over time it makes it that much harder to shit as well). This would revolutionize the west. If only it didn't cost over a thousand to import a good one, or to find one of the few manufacturers here that make a good quality one. And I wouldn't recommend the clip-on plastic bidets from amazon.

Begs the question... (1)

FuzzNugget (2840687) | about 8 months ago | (#44473651)

What possible reason could there be for a wireless-capable toilet?

Of course, this is Japan who, as we all know, are into all sorts of weird shit.

iToilet (0)

Anonymous Coward | about 8 months ago | (#44473741)

Was invented several years ago :

http://www.youtube.com/watch?v=Ph79vPIiWbM

For further hilarity, you must see the Mactini :

http://www.youtube.com/watch?v=noe3kR8KqJc

and the all time clasic, Internet Ham :

http://www.youtube.com/watch?v=1r3tx3IEsN4

Enjoy!

I am going to fry your ass (1)

drolli (522659) | about 8 months ago | (#44473821)

gets a new meaning (Japanese toilet seats are heated - someting i think of as very pleaseant).

Hackers, Al-Qadea, and NY Alligators!! (0)

Anonymous Coward | about 8 months ago | (#44473859)

Ack! The evil hackers can now hack your $6000 toilet!
Their working with Al-Qaeda to have them all flush at the same time, forcing the alligators out of the NY street sewers onto the streets!!
Where are the Teenage Mutant Ninja Turtles when you need them!!!

iPhone Catalog App (0)

Anonymous Coward | about 8 months ago | (#44473887)

It's bad enough we will have to worry about SCADA attacks on our toilets...

Can an iPhone "Catalog" app that enables you to wipe your ass with your iPhone be far behind? ...come on, admit it, you know you've wiped your ass with your iPhone in a pinch...

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...