The Japanese are definitely at the forefront of toilet technology. They've innovated heated seats, bidets, air driers and such, and Lixil has just released a toilet called the Satis that you can even control with an Android app! But there's a problem — anyone can control the toilet with the same app.
The problem seems to be that the password for the My Satis app is a mere four-digits long; an easy challenge for a determined toilet hacker. Via BBC News:
The toilet uses bluetooth to receive instructions via the app, but the Pin code for every model is hardwired to be four zeros (0000), meaning that it cannot be reset and can be activated by any phone with the My Satis app, a report by Trustwave's Spiderlabs information security experts reveals.
"An attacker could simply download the My Satis application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner," it says in its report.
"Attackers could [also] cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to [the] user."
Although the hacker would need to be pretty close to said toilet to utilize the Bluetooth controls, security expert Graham Cluley also warns the BBC that a prankster "might be able to trick his neighbours into thinking his toilet is possessed as it squirts water and blows warm air unexpectedly on their intended victim," although if your electronic toilet starts malfunctioning in 2013 and your first thought is that ghosts did it, you have other problems to contend with.
Having used Japanese toilets on more than a few occasions, I can tell you the big issue is not going to be who (or what) is controlling the toilet as it is the bidet function. Those jets can get some serious water pressure, which I presume can also be controlled by the app. I've had my share of surprises, but I can ssure you there are few surprises quite so surprising as being anally powerwashed without warning.
Thanks to James G. for the tip!