It's no secret that virtually anything that runs on code can and will eventually be hacked. There's no dearth of examples. Our desktops, laptops, smartphones, and tablets are just the playthings of any attacker with sufficient skills and time.
But now it's getting personal. Hackers are hitting us where it really hurts: below the belt and with our pants down.
Yes, I'm talking about our crappers. As the BBC reported earlier this week, it seems so-called smart toilets aren't so smart after all. Researchers at Trustwave's Spiderlabs recently discovered security flaws in a $6,000 commode that could allow attackers to control the john remotely. The Beeb reports:
The toilet, manufactured by Japanese firm Lixil, is controlled via an Android app called My Satis. But a hardware flaw means any phone with the app could activate any of the toilets, researchers say.
The toilet uses Bluetooth to receive instructions via the app, but the PIN code for every model is hardwired to be four zeros (0000), meaning that it cannot be reset and can be activated by any phone with the My Satis app, a report by Trustwave's Spiderlabs information security experts reveals.
"An attacker could simply download the My Satis application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner....Attackers could [also] cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to [the] user."
In other words, using an extremely simple hack, an attacker could gain Roto-Rooter access to the device's OS.