
Kohler smart toilet seat accessible through Bluetooth analytical app

‘The color and the brightness are two visible things we can mess with,’ researcher tells IT Brew.

Francis Scialabba


Are you sitting down?

Kohler’s new PureWarmth heated, LED-equipped toilet seat has a design flaw that allows backend users to manipulate it.

At this April’s RSA Conference, Independent Security Evaluators principal security analyst Joshua Meyer showed how anyone can access the PureWarmth system using the Bluetooth functionality of your personal device—no Kohler app needed.

Meyer used the analytical Bluetooth app nRF Connect to access the toilet seat settings. He showed IT Brew how he was able to change the LED guide light’s color as an example of what could be done.

“The color and the brightness are two visible things we can mess with,” Meyer said, while changing the LED color from a calming blue to a vibrant orange. “The color just ends up being a wide array of hex values.”

While the exploit doesn’t have any major security impact—there’s no private information stored in the seat, and no data to access—it does indicate that many IoT products aren’t as secure as they could be.

“Some of the backend stuff is sort of a low level way of interacting with this; you’re not using an app that has a fancy button,” Meyer told IT Brew. “This is actually directly sending commands.”

As IT Brew reported in February, the French company Withings is marketing a urinalysis product that sits in your toilet bowl and sends data and medical information to the cloud. Withings assured us at CES ’23 in January that the product was secure.

“Many global companies are attacked on a daily basis,” Julius Dewavrin, a product manager at Withings, said at the time. “The team is prepared for the better or worse attack.”—EH
