Pricey ‘Smart’ Toilets Vulnerable To Hacking

A luxury toilet controlled by a smartphone app is vulnerable to attack, according to security experts.

‘Hardware flaw’

Retailing for up to $5,686 (£3,821), the Satis toilet includes automatic flushing, bidet spray, music and fragrance release. The toilet, manufactured by Japanese firm Lixil, is controlled via an Android app called My Satis. But a hardware flaw means any phone with the app could activate any of the toilets, researchers say.


‘Can be activated by any phone’

The toilet uses Bluetooth to receive instructions via the app, but the PIN code for every model is hardwired to four zeros (0000), meaning that it cannot be reset and the toilet can be activated by any phone with the My Satis app, a report by Trustwave’s SpiderLabs information security experts reveals.

“An attacker could simply download the My Satis application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner,” it says in its report. “Attackers could [also] cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to [the] user.”

The limited range of Bluetooth means that anyone wishing to carry out such an attack would need to be fairly close to the toilet itself, said security expert Graham Cluley.

How would you react if your toilet suddenly operated on its own? Should the Satis toilet be banned?

Source: Zoe Kleinman | BBC News

Image: For What It’s Worth

Why You Shouldn’t Use ‘Password1’ as Business System Password

The number one way hackers get into protected systems isn’t through a fancy technical exploit. It’s by guessing the password. That’s not too hard when the most common password used on business systems is “Password1.”

There’s a technical reason for Password1’s popularity: it’s got an upper-case letter, a number and nine characters. That satisfies the complexity rules for many systems, including the default settings for Microsoft’s widely used Active Directory identity management software. Security services firm Trustwave spotlighted the “Password1” problem in its recently released “2012 Global Security Report,” which summarizes the firm’s findings from nearly 2 million network vulnerability scans and 300 recent security breach investigations.

Around 5% of passwords involve a variation of the word “password,” the company’s researchers found. The runner-up, “welcome,” turns up in more than 1%. Easily guessable or entirely blank passwords were the most common vulnerability Trustwave’s SpiderLabs unit found in its penetration tests last year on clients’ systems.


Exploiting weak or guessable passwords was the top method attackers used to gain access last year. It played a role in 29% of the security breaches Verizon’s response team investigated.

But attackers are increasingly using brute-force tools that simply cycle through all possible character combinations. Length is the only effective guard against those. A seven-character password has 70 trillion possible combinations; an eight-character password takes that to more than 6 quadrillion.
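As an added example (not from the article, Trustwave or Microsoft), a defender-side screening check that shows why "Password1" passes a complexity rule yet is still a bad password, and reproduces the article's keyspace figures. It assumes the figures are based on the 95 printable ASCII characters (95^7 is about 70 trillion, 95^8 about 6.6 quadrillion), approximates the Active Directory default as "three of four character classes, at least seven characters", and uses a small constructed list in place of a real common-password corpus.

```python
import string

# Assumption: the article's "70 trillion" / "6 quadrillion" figures correspond to
# the 95 printable ASCII characters (26 lower, 26 upper, 10 digits, 33 symbols/space).
PRINTABLE_ALPHABET = 95

# Constructed stand-in for the banned-password list a defender would really deploy.
COMMON_PASSWORDS = {"password", "welcome", "123456", "qwerty", "letmein"}


def keyspace(length, alphabet=PRINTABLE_ALPHABET):
    """Candidates a brute-force tool must cycle through for a given length."""
    return alphabet ** length


def meets_ad_complexity(password):
    """Approximation (assumed) of the default Active Directory rule:
    at least 3 of 4 character classes and a minimum length of 7."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation or c == " " for c in password),
    ]
    return len(password) >= 7 and sum(classes) >= 3


def root_word(password):
    """Strip the trailing digits/symbols people bolt on to a dictionary word,
    so 'Password1' and 'Welcome2!' are compared as 'password' and 'welcome'."""
    return password.lower().rstrip(string.digits + string.punctuation)


def assess(password, min_length=12):
    """Return the list of problems found. Complexity alone is not enough: reject
    variations of common words, and enforce length, since only length grows the
    brute-force keyspace."""
    problems = []
    if not meets_ad_complexity(password):
        problems.append("fails complexity rule")
    if root_word(password) in COMMON_PASSWORDS:
        problems.append("variation of a common password")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    return problems


if __name__ == "__main__":
    for pw in ("Password1", "Passw0rd!", "correct-horse-battery-STAPLE-42"):
        print(pw, "->", assess(pw) or "ok")
    print("7 chars:", keyspace(7), " 8 chars:", keyspace(8))
```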

Source: CNN

Image: The Kitchen Cabinet