Bestowing terrifying new definitions on the phrases “backdoor vulnerability” and “security hole,” one of the world’s most luxurious toilets has been exploited by hackers. The smart toilet is vulnerable via its built-in Bluetooth radio, allowing hackers to remotely open or close the lid, flush the toilet, or, perhaps most perturbingly, activate the built-in bidet function.

The toilet, which is called the Satis and made by Lixil (a Japanese firm, of course), includes Bluetooth functionality so that it can be controlled by a companion smartphone app called My Satis. My Satis lets you control all of the toilet’s functions, including the flusher, bidet, and hot-air blower — and it also lets you track your bowel movements. At this point you should probably watch the promotional video below, just so you understand the solemnity of this security SNAFU.

The attack vector, detailed by security firm Trustwave, is depressingly simple. Basically, to use the My Satis app, you have to pair your smartphone with the toilet via Bluetooth — but the toilet’s Bluetooth PIN is hard-coded to four zeros (0000). This is fairly normal for a “dumb” Bluetooth device without a keypad, because there’s no easy way to pick another PIN. In this case, though, it means that anyone within Bluetooth range of the toilet can trigger its functions. At its most simple, a hacker could set the toilet to continually flush, wasting water and costing you money. At its most terrifying, the hacker could activate the toilet’s built-in bidet and dryer functions at will.

Fortunately, the range of Bluetooth is quite short — on the order of 30 feet/10 meters — so if your toilet gets hacked, the attacker is likely to be a pranksterish teen or passive-aggressive spouse. Still, it’s not hard to imagine the mental malaise that might arise from a few weeks of surprise squirting. The first few times you might chalk it up as a malfunction, but if the toilet keeps squirting water at your butt when you least expect it, you can see how it might wear you down.

Sadly, there doesn’t seem to be a fix in the works — and really, there’s probably no easy way of updating a smart toilet, anyway. Your best bet is probably to stay away from any Satis toilets; or indeed, any toilet that uses a smartphone app, instead of physical buttons. Putting aside the questionable hygiene of using a smartphone after wiping your ass, imagine if your smartphone ran out of battery just after you laid down a particularly pungent poop.

Now read: Raspberry Picrowave: Using a Raspberry Pi to cook a raspberry pie