E-MAIL THIS LINK
To: 

Luxury Toilet Users Warned Of Hardware Flaw
[BBC] A luxury toilet controlled by a smartphone app is vulnerable to attack, according to security experts.
ATTACK OF THE KILLER TOILETS!!!!!1!
Retailing for up to $5,686 (£3,821), the Satis toilet includes automatic flushing, bidet spray, music and fragrance release.

The toilet, manufactured by Japanese firm Lixil, is controlled via an Android app called My Satis.
God help the toilet's owner, not to mention all those nearby, should the NSA choose to hack the thing, because nothing less than the intervention of God himself would save them. SWAT teams charging in from outside are nothing on a truly vindictive, externally controlled toilet run amuck.
But a hardware flaw means any phone with the app could activate any of the toilets, researchers say.
Well, aint that the... ummm... cheese.
The toilet uses bluetooth to receive instructions via the app, but the Pin code for every model is hardwired to be four zeros (0000), meaning that it cannot be reset and can be activated by any phone with the My Satis app, a report by Trustwave's Spiderlabs information security experts reveals.
Or even by all the phones with the My Satis app.
"An attacker could simply download the My Satis application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner," it says in its report.
Waydaminnit. If it flushes "automatically" why would you need an app? Wipe. Stand. Leave. Toidy flush. They got that sort of electrical eyeball thingy on lots of less than luxury commercial toilets now.
"Attackers could [also] cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to [the] user."
Gotta have a pretty hefty motor on that sucker to lift the lid and/or the seat with no one sitting on it. I suppose the surprise bidet function could be kind of harrowing, but it wouldn't be deadly.
The limited range of bluetooth means that anyone wishing to carry out such an attack would need to be fairly close to the toilet itself, said security expert Graham Cluley.
So that lets out sixty million simultaneous signals to flush. This is looking less and less dangerous, except for an occasional surprise backside drying.
"It's easy to see how a practical joker might be able to trick his neighbours into thinking his toilet is possessed as it squirts water and blows warm air unexpectedly on their intended victim, but it's hard to imagine how serious hardened cybercriminals would be interested in this security hole," he told the BBC.
Things were simpler in the old bombsight crapper days. Smellier, but simpler.
"Although this vulnerability seems largely harmless, what's clear is that companies building household appliances need to have security in mind just as much as computer manufacturers."
Posted by: trailing wife 2013-08-06
http://www.rantburg.com/poparticle.php?ID=373417