I Predicted Bluetooth Smart-Toilet Hacks
Sunday, August 4th, 2013 -- by Bacchus
Not even a month ago I produced one of my Rule 34 porn research reports for Dr. Faustus of Erotic Mad Science, which he converted to a blog post. The topic was machines for forcibly washing people, and my report contained this throwaway bit:
Moving on to toilets, the notorious Japanese “smart toilets” include seat heat, massage, adjustable water sprays and jets fore and aft, and in some cases, smart-phone apps for control. It seems natural enough that these devices could be (have been) … hacked for remote control surprises. However, I was unable to find any porn of that (yet).
Imagine my smug surprise at this news:
High-tech Japanese toilets are vulnerable to attack from their manufacturer’s own Android app. As The Atlantic reports, a security advisory from researchers at Trustwave says all Inax Satis Bluetooth toilets have the same Bluetooth PIN (“0000”) hardcoded, allowing anyone with the My Satis Android app to control any toilet within range.
What can you do with the app? Apart from activating the flush and checking in on the detailed defecation records stored by the commode, you can also activate the toilet’s bidet and drying functions, summoning a jet of water or hot air from below. Trustwave has attempted to inform Inax of the flaw three times since its discovery in June, and is only now making the vulnerability public.
So, no actual in-the-wild hack (that we know of, yet) — just a horrible vulnerability that the manufacturer chose to ignore, forcing public disclosure. There’s going to be a lot of unexpected hot and cold water jets up a lot of fannies before this gets fixed, especially if the PINs are indeed hard coded into the toilets.
The news inspired me to look a little harder. Rule 34 has not failed us, there is indeed porn of it:
Similar Sex Blogging: