Vulnerability discovered that lets anyone open and close a toilet's lid, run the shower and hot air, and change the water pressure and water temperature without permission



"SATIS", a shower toilet from LIXIL's product brand INAX, has a function that lets a smartphone connected over Bluetooth be used as a remote control. A vulnerability has now been pointed out in "My SATIS", the application used on the smartphone: the opening and closing of the lid, the shower function, and the hot-air function may be operated remotely.

LIXIL | Product lineup | Toilet | Shower toilet integrated western style toilet | Satis
http://www.lixil.co.jp/lineup/toiletroom/shower/satis/


Released in 2013! New function of the LIXIL toilet "SATIS": smartphone remote control - YouTube


SATIS × SMARTPHONE


The toilet can be operated using the Android-compatible application "My SATIS".


Connect the toilet and the smartphone over Bluetooth.


After that, tapping in the application turns the shower on and off, moves the cleaning position, and so on.


Fine adjustments are possible.


The water pressure and water temperature of a shower toilet stay as the previous user set them, so you may be surprised to find them at the strongest or hottest setting...


Since My SATIS can remember personal settings, there is no such worry.



It also tallies the electricity and water charges incurred by the toilet.


It is also possible to play music from the smartphone through the SATIS's built-in speakers. It seems this can be used as a so-called "Lol" function.


A "Toilet diary" is also included...



By keeping track of daily bowel movements you can grasp the state of the body.


The diary provides easy-to-understand illustrations and classifications, such as shape and color, so it seems it would be fun to look back on.


For all its features, the application has a vulnerability: the Bluetooth PIN code used to connect the toilet unit and the application is hard-coded, so anyone who pairs with the unit can use the functions of My SATIS.

Trustwave SpiderLabs Security Advisory TWSL 2013-020: Hard-Coded Bluetooth PIN Vulnerability in LIXIL Satis Toilet
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-020.txt
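
The root cause described above is a Bluetooth PIN fixed in the application. As an added example (not code from this article, Trustwave, or LIXIL), this Python check shows how a code review can flag calls to Android's `BluetoothDevice.setPin()` whose argument is fixed at build time. The Java sample, its class and constant names, and the PIN `1234` are constructed placeholders, and it is an assumption that the app sets its PIN through `setPin()`.

```python
import re

# Constructed sample of decompiled Android source (not from My SATIS); the PIN is a placeholder.
SAMPLE = '''
public class RemoteLink {
    private static final String PAIR_PIN = "1234";
    void pairFixed(BluetoothDevice d) throws Exception {
        d.setPin("1234".getBytes("UTF8"));
    }
    void pairConst(BluetoothDevice d) {
        d.setPin(PAIR_PIN.getBytes());
    }
    void pairBytes(BluetoothDevice d) {
        d.setPin(new byte[] {0x31, 0x32, 0x33, 0x34});
    }
    void pairFromUser(BluetoothDevice d, String entered) {
        d.setPin(entered.getBytes());
    }
}
'''

CONST = re.compile(r'static\s+final\s+String\s+(\w+)\s*=\s*"([^"]*)"')
CALL = re.compile(r'\.setPin\s*\((.*)\)\s*;')
LITERAL = re.compile(r'^"([^"]*)"\s*\.getBytes\(')
NAMED = re.compile(r'^(\w+)\s*\.getBytes\(')
BYTES = re.compile(r'^new\s+byte\s*\[\s*\]\s*\{([^}]*)\}')

def find_hardcoded_pins(source):
    """Return (line_no, kind, pin) for each setPin() call whose argument is fixed at build time."""
    consts = dict(CONST.findall(source))  # String constants declared in this file
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        m = CALL.search(line)
        if not m:
            continue
        arg = m.group(1).strip()
        if (lit := LITERAL.match(arg)):
            findings.append((no, "string literal", lit.group(1)))
        elif (arr := BYTES.match(arg)):
            pin = bytes(int(b.strip(), 0) for b in arr.group(1).split(",") if b.strip())
            findings.append((no, "byte array literal", pin.decode("ascii", "replace")))
        elif (name := NAMED.match(arg)) and name.group(1) in consts:
            findings.append((no, "constant " + name.group(1), consts[name.group(1)]))
    return findings

if __name__ == "__main__":
    for no, kind, pin in find_hardcoded_pins(SAMPLE):
        print(f"line {no}: setPin() uses {kind} {pin!r}")
```

The call that takes the PIN from user input is not flagged, which is the pattern a fix would move toward: a PIN that is unique per unit or entered by the owner rather than shipped in the app.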


In other words, a malicious attacker other than the person using the toilet could use the application to open and close the lid, run the shower, and change the water pressure and water temperature without permission. Trustwave, which discovered the vulnerability, says it contacted LIXIL three times but received no response.

If you rushed into the toilet and someone used this vulnerability to close the lid on you, there would be nothing left but despair...

in Note,   Video, Posted by logc_nt