Vulnerabilities > CVE-2013-4866 - Security vulnerability in My SATIS for Android
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE low complexity
lixil
Summary
The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate attackers to trigger physical resource consumption (water or heat) or user discomfort.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/122655/TWSL2013-020.txt |
| id | PACKETSTORM:122655 |
| last seen | 2016-12-05 |
| published | 2013-08-02 |
| reporter | Dan Crowley |
| source | https://packetstormsecurity.com/files/122655/LIXIL-Satis-Toilet-Hard-Coded-Bluetooth-PIN.html |
| title | LIXIL Satis Toilet Hard-Coded Bluetooth PIN |
References
- http://arstechnica.com/security/2013/08/holy-sht-smart-toilet-hack-attack/
- http://packetstormsecurity.com/files/122655/LIXIL-Satis-Toilet-Hard-Coded-Bluetooth-PIN.html
- http://seclists.org/fulldisclosure/2013/Aug/18
- http://www.huffingtonpost.co.uk/2013/08/05/smart-toilet-could-attackmy-satis_n_3706116.html
- http://www.independent.co.uk/life-style/gadgets-and-tech/features/now-even-toilets-arent-safe-from-hacking-8747232.html
- https://www.trustwave.com/spiderlabs/advisories/TWSL2013-020.txt