Smart toilet can be hacked, company warns.

Hackable Smart Toilets: The Rise of the Latrines

Hackable Smart Toilets: The Rise of the Latrines

Future Tense
The Citizen's Guide to the Future
Aug. 5 2013 4:43 PM

Hackable Smart Toilets: The Rise of the Latrines

Inax USA's smart Satis Dual Flush toilet
Inax USA's smart Satis Dual Flush toilet

Product screen shot via Inax USA.

Have you heard about the Inax Satis smart toilet? It is a marvel—a “stylish” and “compact” creation with “advanced electronics technology,” “relaxing comfort features that cater to the human senses,” and “hygienic cleansing for shower-spray personal care.” Be so bold as to approach. The lid opens automatically; soothing music begins to play. A seat warmer activates. Deodorizers infuse the air with fragrance. In the dark, a faint glow will illuminate the bowl. When you’ve done your business, the smart device flushes, the lid closes, and an air purifier releases a spurt of “Plasmacluster negative ions” to restore the electrical balance of the room.  Two retractable bidet nozzles, adjustable for water pressure and temperature, come to life. (There is even a massage setting, in which “the spray alternates between strong and mild.”) It is hard not to fantasize about future versions of the Inax Satis: Perhaps users will be nuzzled by unicorn foals midpee, or engulfed in a cloud of rose petals as inspirational films shimmer on the opposite wall.

But trouble has come to this commode paradise. On Aug. 1, the information security firm Trustwave issued an advisory that the Inax Satis smart toilets are vulnerable to hacking. Ars Technica explains:

Functions of the Satis—including the raising and lowering of its lid and operation of its bidet and flushing nozzles—can be remotely controlled from an Android application called "My Satis" over a Bluetooth connection. But the Bluetooth PIN to pair with the toilet—"0000"—is hard-coded into the app.

Therefore, according to the advisory:

Any person using the 'My Satis' application can control any Satis toilet. An attacker could simply download the 'My Satis' application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner. Attackers could cause the unit to unexpectedly open/close the lid, [or] activate bidet or air-dry functions, causing discomfort or distress to user.

As if it weren’t uncomfortable and distressing enough to have to relieve yourself while your smart toilet judges you! Now evildoers can turn your commode into a lid-clapping, maniacally flushing poltergeist nightmare. (Though if you’re willing to shell out $5,686 for a toilet, maybe you deserve to be punked.) Most ominous of all, the advisory warns in its “remediation steps” section that “no patch currently exists for this issue,” and that Trustwave has received “no vendor response” to three of its alerts. Have the smart potties already taken over the Inax Satis headquarters (Rise of the Latrines)? Is this the beginning of the end?  

For moral and philosophical reasons, I prefer my toilets un-smart, on the theory that if you are a toilet, less sentience is probably better. Those who expect a certain level of decadence in their excretory experience, however, should at least proceed cautiously with Inax Satis. When your compromised commode spontaneously decides to spit water at you, I’m guessing music and soft lighting don’t mean squat.  

Future Tense is a partnership of SlateNew America, and Arizona State University.