Hacked ‘Smart Toilet’ Demonstrates Importance Of Device Security (And Why Not Everything Needs To Be Internet Connected)
The popular adage that anything is only as strong as its weakest link, certainly applies to home security as well. It teaches us the important lesson that no matter how expensive your security systems, you still need to make sure that you evaluate the rest of your home for possible vulnerabilities. Nowhere is this more true than in the world of the increasing adoption of ‘smart’ internet-connected devices.
To demonstrate this, a security firm in the U.S. tried their hand at hacking a ‘smart toilet’ which is sold by a Japanese firm. The toilet, called the LIXIL Satis Smart Toilet runs about $6,000 and has features like automatic flushing, heated seats, built-in deodorizing action and (of course) internet connectivity. Because if there is anything that we should be spending our resources on it is figuring out how to hook our toilets up to the internet.
Setting aside for a moment, the obvious question of why in the world anyone would need an internet-connected toilet (or why anyone would spend $6,000 on a toilet in the first place), let’s take a look at a prime example of how security systems must include a review of all the internet-connected devices in a home in order to make sure that there are no vulnerabilities.
The security firm decided that they would try their hand at hacking this expensive toilet in order to demonstrate why home security should be something that manufacturers take into account for all the products they produce. They were able to easily reverse engineer the toilet’s electronic computer and develop an android application that allows anyone to take over one of the toilets from afar. Apparently, the toilet manufacturer had hard-coded the PIN of ‘0000’ into the product, demonstrating quite clearly that they were thinking about security when developing this expensive toilet.
Once hacked, the security researchers could use this app to cause the toilet to repeatedly flush, increasing water use and thus cost to its owner. They could also cause the toilet to open and close its lid repeatedly, or at will and activate the bidet or air dryer remotely.
Now, this is partly a tongue in cheek example of security vulnerabilities. Honestly, hacking a toilet like this would probably not compromise home security beyond allowing a few funny pranks and increasing utility costs for the homeowner. But, it demonstrates why its important for security systems to be considered by manufacturers of all kinds of internet connected devices. Think about what this kind of access could mean for a range or oven. Theoretically, an attacker could remotely burn down a home without ever lighting a match or getting within a hundred miles of a home. That is truly scary stuff.