All sorts of unusual cybersecurity stories appear every August around the time of Black Hat and DEF CON. I always anticipate the deep technical details hinted at in the preceding months, but quirky and unexpected cybersecurity stories also appear in early August. Some of them don’t even come out of the big conferences.
Lixil is a Japanese company producing, among many other home construction products, the Satis luxury toilet.
Among the things I do other than cybersecurity, I research and maintain the Toilets of the World web site. I have been to Japan and therefore realize that “luxury toilet” is a very serious term indeed in Japan. The automated flushing systems we now take for granted in public restrooms? Those were common in Japan years before they were seen in the U.S. Meanwhile, Japan has moved on.
The Japanese company Lixil developed the Satis line of luxury toilets, featuring automatic everything — flushing, bidet sprays and air drying, fragrance release, and music to cover the natural sounds of what’s going on.
All of this can be controlled by an Android app called My Satis. The phone connects to the toilet via a Bluetooth connection, and you can then use your phone to raise and lower the lid, control the bidet and drying functions, stream music from your phone to the toilet’s speakers for that essential covering function, and more.
The problem, as reported by the Trustwave information security company, is that the toilet has a hard-corded Bluetooth PIN of “0000”. There is no “hacking”, as there is not even at attempt at access control. Anyone within Bluetooth range can control any Satis toilet as the vulnerability is within the design of the toilet itself. A prankster could repeatedly flush the toilet. Or for more fun, open and close the lid, activate the bidet and air-dry functions, release fragrance, and play music or other audio of their choice, “causing discomfort or distress to user” as the advisory phrases it.
Increasing complexity brings increasing risk, with toilets as with everything else. The “Internet of things” is appearing, and we are seeing some bad design choices. This one is little more than amusing, but consider the canceled talks that weren’t given at the conferences as it was thought dangerous to publicize the gaping holes in wireless networking used by some automobiles.
Secure design is very difficult. We are usually interested in how to add functionality. The Satis Integrated music and fragrance sprays show the creative thinking that can add features.
Security, however, requires negative design. Certain actions must be prevented. Or allowed only under very specific combinations of conditions. It’s a completely different way of thinking, and one with which most of us are less familiar.
We discuss the difficulty of secure design in Learning Tree’s Cloud Security Essentials course. That is, we will, right after this restroom break.