Luxury toilet users warned of hardware flaw
Retail for up to $5,686 (£3,821)
The Satis toilet includes automatic flushing, bidet spray, music and perfume release.
The toilet is manufactured by Japanese company Lixil and controlled through an Android app called My Satis.
But the researchers say hardware flaws mean any phone with the app can activate any toilet.
The toilet uses Bluetooth to receive instructions through the app, but the Pin code for each model is hard wired to four zeros (0000)
A report from the Spiderlabs information security specialist at Trustwave shows that this means that it cannot be reset and can be activated by any phone with my Satis app.
It said in the report: \"The attacker can simply download My Satis app and use it to cause the toilet to flush repeatedly, thus increasing the amount of water used and thus increasing the owner
An attacker canalso]
Causing the device to accidentally open/close the lid and activate the bidet or air-
The effect of drying, causing discomfort or distress [the]user.
Security expert Graham Cluley said: \"The range of Bluetooth is limited, which means that anyone who wants to make such an attack needs to be quite close to the toilet.
\"It\'s easy to see how an actual clown cheated his neighbor into thinking that his toilet was possessed because it sprayed water at the victim they wanted and accidentally blew warm air, but it\'s hard to imagine that serious cyber criminals will be interested in the security breach, \"he told the BBC.
\"While this vulnerability seems largely harmless, it is clear that companies that make household appliances need to take into account security issues like computer manufacturers.