Copyright © 2013 TotalDefense, Inc. | All rights reserved www.totaldefense.com Page 1

Security breach: Who flushed my toilet?

Last year, a Japanese hi-tech company launched one of the surprising luxury products marketed to the

public - The ‘Satis’. A new several thousand dollars toilet delivered with an application controlled via

smart phone devices.

However, it turns out there is a security breach, so that anyone, even with basic knowledge in smart

phones, can remotely activate many of the toilet’s functions.

The toilet, currently sold for about $5,600, lets the owner warm the toilet seat, splash water, play

music and flush by snapping on the smartphone’s screen. It also enables sophisticated toilet track of

water and electricity quantities, and even keep a calendar with your visits to the toilet.

The application issue that triggers the toilet, allows anyone with the app to take over such toilet, even

if it is not his. How is it possible? Simple. The default security code of the application through the

toilet receives the commands using Bluetooth technology is the same every time - four zeros (0000).

This “very creative” code makes it easy to connect to any ‘Satis’ toilet. An attacker can simply

download the app and use it to flush the toilet again and again, activate the seat heating and basically

everything else, thus causing the owners to absorb high costs of water and electricity.

The only limitation is that the application must be within Bluetooth range, so anyone who wants to

carry out an attack like that, would have to be relatively close to the toilet itself.

Copyright © 2013 TotalDefense, Inc. | All rights reserved www.totaldefense.com Page 2

This security issue is only the tip of the iceberg, as many devices like refrigerators and washing

machines become more and more “smart” making them vulnerable to such attacks and similar, thus it

is obvious that we will see more breaches in the near future.

About TotalDefense:

Total Defense(@Total_Defense) is a global leader in malware detection and anti-crimeware solutions. We offer a broad portfolio of leading security products for the consumer market used by over four million consumers worldwide. Our solutions also include the industry’s first complete cloud security platform, providing fully integrated endpoint, web and email security through a single Web-based management console with a single set of enforceable security policies

Total Defense is a former business of CA Technologies, one of the largest software companies in the world, and has operations in New York, California, Europe, Israel and Asia.

Visit http://www.totaldefense.com/ for web, cloud & mobile security solutions for home users and businesses.