The smart toilet ... oh crap!

 - 
07/22/2020

The loo, bathroom, restroom, el bano, latrine, water closet, washroom, powder room, lavatory, outhouse, toilet, commode, throne, potty … whatever your special name is for this place, we all know others shouldn’t be “privy” to our private moments here. But, as technology advances and new “smart” apparatuses tempt the must-have-it-all-type of consumer, privacy wanes and cybercriminals find new ways into the more personal parts of people’s lives. Case in point, the smart toilet …

Scientists at the University of Wisconsin-Madison, Joshua Coon and Ian Miller, recently analyzed 110 of their own urine samples directly from a toilet bowl over a 10-day period. The smart toilet actually went into the molecular makeup of these men’s urine, giving information about what was in their blood. From that, Coon and Miller were about to see how much: 

  • sleep and exercise they got;
  • alcohol or coffee they drank and when; and 
  • over-the-counter medications they had taken.

 

The two reasoned that a toilet of this caliber could be used to not only detect things — urinary tract infections, kidney disease, diabetes and other metabolic disorders — before symptoms even presented, but could automatically send information to users’ doctors. So, they are on a five-year journey to create this preemptive potty, complete with:

  • A briefcase-size screen above the tank;
  • A phone app;
  • A bowl that resembles a compost toilet with an opening for collecting and separating urine samples; and
  • The ability to differentiate between six and 12 users.

 

Pretty nifty, huh?

I think so. This would propel medicine into being more preventative, just as security is focused on being more proactive rather than reactive. But (only one “t” and no pun intended), this would be yet another way to allow cybercriminals into our lives. Oh crap!

Whether creating a smart toilet or any other connected device, manufacturers must ensure that all data be collected, stored and transmitted safely at the very beginning. Antoinette King, PSP, key account manager, AXIS Communications offers the following guidance for manufacturers:

  1. “Create a secure communication link from the device to the endpoint that the data is processed and stored.”
  2. “Ensure that information cannot be intercepted as it is being transmitted to help prevent data leakage.”
  3. “Ensure that the people responsible for developing the code for the device itself have security as a priority and will test and retest for vulnerabilities prior to release.”
  4. “Whenever data is being stored, it needs to be protected with encryption and two-factor authentication should be used to gain access.” 

Consumers also have a responsibility to help "flush" out cybercrime and protect their data when using connected devices. King advised all consumers to ask themselves the following questions, as well as know and understand the answer, in regard to every connected, smart device they use:

  1. Who has access to the device?
  2. How is access gained?
  3. How is information stored?
  4. How is information transmitted?

“As consumers, we need to be educated and hold manufacturers accountable for how they handle our data and personal information," King said. "We cannot just consider how easy something is to use, but we must consider how secure they are as well. As we all know, we are only as good as our weakest link. In this ever-growing digital lifestyle we are living, now more than ever, we need to be vigilant about our personal identifiable information."