Luxury loos controlled by Android app ‘can be accessed by anyone’.
Toilets controlled remotely by an app are vulnerable to attack, security experts have warned.
The luxury Satis toilet offers automatic flushing, a bidet spray as well as music to serenade customers while they are doing their business.
The toilet, which sells for up to £3,821, is controlled by an Android app called My Satis.
But a flaw means any phone with the app could activate any of Japanese firm Lixil’s Satis toilets, according to Trustwave’s Spiderlabs security experts.
The app send instructions to the toilet via Bluetooth, but the pin code allowing every toilet and app to communicate is the same, meaning any toilet can be accessed by anyone with the app.
And because the code is 0000, it cannot be reset, and so there is no patch to fix it, added the experts.
Their report said: "An attacker could simply download the "My Satis" application and use it to cause the toilet to repeatedly flush, raising the water usage and, therefore, utility cost to its owner.
"Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user."