Wie nett – fernsteuerbare Toilette mit Blauzahn-Unterstützung hat Scheunentor-grossen Exploit
Zum Schei^H^Hiessen:
Finding 1: Hard-Coded Bluetooth PIN
*****Credit: Daniel Crowley of Trustwave SpiderLabs
CVE: CVE-2013-4866
CWE: CWE-259
The "My Satis" Android application has a hard-coded
Bluetooth PIN of "0000" as can be seen in the following
line of decompiled code from the application:
BluetoothDevice localBluetoothDevice =
BluetoothManager.getInstance().execPairing(paramString,
"0000")
As such, any person using the "My Satis" application can
control any Satis toilet. An attacker could simply
download the "My Satis" application and use it to cause
the toilet to repeatedly flush, raising the water usage
and therefore utility cost to its owner.
Attackers could cause the unit to unexpectedly open/close
the lid, activate bidet or air-dry functions, causing
discomfort or distress to user.
Vendor Response:
No response received.
Remediation Steps:
No patch currently exists for this issue.
Revision History:
06/14/13 - Attempt to contact to vendor
07/10/13 - Attempt to contact to vendor
07/12/13 - Attempt to contact to vendor
08/01/13 - Advisory published
References
1. http://www.lixil.co.jp/lineup/toiletroom/shower/satis/