How nice – a remotely controllable toilet with Bluetooth support has a barn-door-sized exploit
Shit^H^Hriekingly funny:
Finding 1: Hard-Coded Bluetooth PIN

Credit: Daniel Crowley of Trustwave SpiderLabs
CVE: CVE-2013-4866
CWE: CWE-259

The "My Satis" Android application has a hard-coded Bluetooth PIN of "0000", as can be seen in the following line of decompiled code from the application:

    BluetoothDevice localBluetoothDevice = BluetoothManager.getInstance().execPairing(paramString, "0000")

As such, any person using the "My Satis" application can control any Satis toilet. An attacker could simply download the "My Satis" application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore the utility cost to its owner. Attackers could cause the unit to unexpectedly open/close the lid or activate the bidet or air-dry functions, causing discomfort or distress to the user.

Vendor Response: No response received.

Remediation Steps: No patch currently exists for this issue.

Revision History:
06/14/13 - Attempt to contact vendor
07/10/13 - Attempt to contact vendor
07/12/13 - Attempt to contact vendor
08/01/13 - Advisory published

References:
1. http://www.lixil.co.jp/lineup/toiletroom/shower/satis/
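The advisory found the weakness by reading one line of decompiled Java. The following is an added example (written for this page, not code from Trustwave or from the My Satis app) of turning that manual observation into a repeatable static check: it scans Java-like source text for pairing/PIN calls whose PIN argument is a string literal, and for fields named like a PIN that are assigned a digit-string constant, which is the CWE-259 pattern the advisory describes. The sink method list (execPairing from the quoted line, setPin from android.bluetooth.BluetoothDevice), the weak-PIN list and the sample source are assumptions for illustration; only the second sample line is the advisory's.

```python
"""Static check for hard-coded Bluetooth PINs in decompiled Android/Java source.

Added example, not part of the advisory or the My Satis application. The set of
sink methods, the weak-PIN list and the sample input are illustrative assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Methods that receive a pairing PIN. execPairing is the app's own wrapper quoted
# in the advisory; setPin is android.bluetooth.BluetoothDevice.setPin(byte[]).
# Extend this tuple for other vendor wrappers (assumption: names are project-specific).
PIN_SINKS = ("execPairing", "setPin")

# Trivially guessable PINs that legacy Bluetooth pairing devices commonly ship with.
WEAK_PINS = {"0000", "1234", "1111", "9999", "0123", "8888"}

# A call to one of the sinks and its argument list, up to the statement end.
CALL_RE = re.compile(r"\b(" + "|".join(PIN_SINKS) + r")\s*\(([^;]*)\)")
# Any Java string literal inside an argument list.
STRING_LIT_RE = re.compile(r'"((?:\\.|[^"\\])*)"')
# A legacy pairing PIN: 4 to 16 ASCII digits.
PIN_RE = re.compile(r"^\d{4,16}$")
# A field or variable whose name mentions pin/passkey, assigned a digit-string literal.
ASSIGN_RE = re.compile(r"\b(\w*(?:pin|passkey)\w*)\s*=\s*\"(\d{4,16})\"", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    sink: str       # method or field name the literal flows into
    pin: str
    severity: str   # "high" if the PIN is on the well-known weak list
    line: str


def _severity(pin: str) -> str:
    return "high" if pin in WEAK_PINS else "medium"


def find_hardcoded_pins(source: str) -> list[Finding]:
    """Return one Finding per hard-coded PIN literal, in source order."""
    findings: list[Finding] = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for call in CALL_RE.finditer(line):
            method, args = call.group(1), call.group(2)
            for literal in STRING_LIT_RE.findall(args):
                if PIN_RE.match(literal):
                    findings.append(Finding(line_no, method, literal, _severity(literal), line.strip()))
        for assign in ASSIGN_RE.finditer(line):
            name, literal = assign.group(1), assign.group(2)
            findings.append(Finding(line_no, name, literal, _severity(literal), line.strip()))
    return findings


# Constructed sample input. Line 2 is the decompiled line quoted in the advisory;
# every other line is made up for this example.
SAMPLE_SOURCE = "\n".join([
    "// line quoted in the advisory (decompiled My Satis app):",
    'BluetoothDevice localBluetoothDevice = BluetoothManager.getInstance().execPairing(paramString, "0000");',
    "// constructed: PIN kept in a field constant",
    'private static final String DEFAULT_PIN = "1234";',
    "// constructed: PIN supplied at runtime, nothing to flag",
    "BluetoothDevice d = BluetoothManager.getInstance().execPairing(address, pinFromUser);",
    "// constructed: string literal that is not a PIN",
    'Log.d("pairing", "starting");',
])


def scan_sample() -> list[tuple[int, str, str, str]]:
    """Scan the constructed sample and return (line, sink, pin, severity) tuples."""
    return [(f.line_no, f.sink, f.pin, f.severity) for f in find_hardcoded_pins(SAMPLE_SOURCE)]


if __name__ == "__main__":
    for f in find_hardcoded_pins(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.severity.upper()} hard-coded PIN {f.pin!r} -> {f.sink}: {f.line}")
```

Run it over the output of a decompiler (jadx, or dex2jar plus a Java decompiler) and it reports the two hard-coded PINs in the sample while leaving the line that passes a runtime value alone. Because a hard-coded PIN is a property of the shipped binary, this is also the check the vendor could have run before release: a PIN that appears as a literal in the APK is a PIN every user of the app, and therefore every attacker, already has.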