The Dekoda device, launched in October, attaches to toilet rims and uses cameras to capture images inside the bowl, analyzing waste for health insights on gut function and hydration.
Despite Kohler Health promoting claims of end-to-end encryption throughout its homepage, app pages, and support documentation, security researcher Simon Fondrie-Teitler states that its actual implementation does not meet industry standards.
Misleading Encryption Claims
Genuine end-to-end encryption ensures that only the sender and the intended recipient can decrypt data; not even the service provider can read the protected information.
This standard, used by secure messaging platforms like Signal and WhatsApp, means data remains encrypted throughout its journey and storage, with only the user holding decryption keys.
Kohler’s implementation tells a different story. According to the company’s privacy contact, user data is “decrypted and processed” on Kohler’s systems to provide the service.
What Kohler describes as end-to-end encryption is, Simon added, actually standard HTTPS transport encryption combined with encryption at rest: basic practices that have been industry standard for over two decades but offer no protection against Kohler itself accessing the data.
The company claims “technical safeguards and governance controls” protect identifiable images from employee access, but these administrative controls differ fundamentally from the cryptographic guarantees of genuine end-to-end encryption.
Because the decryption keys reside on Kohler’s systems, a breach of those servers would expose the stored toilet bowl images and health data to attackers.
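The distinction drawn above can be modelled in a few lines. The following is an added illustration, not code from Kohler or the researcher: it uses a small stdlib-only toy cipher (HMAC-SHA256 keystream plus HMAC tag, a stand-in for a real AEAD such as AES-GCM) and hypothetical names to contrast a "TLS plus encryption at rest" flow, where the server holds the keys, with genuine end-to-end encryption, where only the user's device does.

```python
# Added illustration of "HTTPS + encryption at rest" versus true E2EE.
# The cipher below is a toy (HMAC-SHA256 keystream + HMAC tag), chosen only
# because it needs no third-party library; do not use it in production.
import hashlib
import hmac
import os
from typing import Optional, Tuple

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    for i in range((n + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key: bytes, blob: bytes) -> Optional[bytes]:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None  # wrong key or tampered data: refuse to decrypt
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def transport_plus_at_rest(image: bytes) -> Tuple[Optional[bytes], Optional[bytes]]:
    """Flow the article attributes to Kohler (hypothetical model): TLS protects
    the link, the server decrypts, then re-encrypts with a key it holds.
    Returns (what the server can read, what a breach of server storage and
    server keys recovers)."""
    tls_key = os.urandom(32)       # session key shared by client and server
    storage_key = os.urandom(32)   # at-rest key, also held by the server
    in_transit = seal(tls_key, image)
    server_view = open_(tls_key, in_transit)   # server sees the plaintext
    stored = seal(storage_key, server_view)
    breach_view = open_(storage_key, stored)   # breach exposes key and data
    return server_view, breach_view

def end_to_end(image: bytes) -> Tuple[Optional[bytes], Optional[bytes]]:
    """Genuine E2EE: the user's device holds the key; the server stores only
    ciphertext and has no key that opens it. Returns (server view, user view)."""
    user_key = os.urandom(32)      # never leaves the user's device
    storage_key = os.urandom(32)   # server's own key is useless here
    stored = seal(user_key, image)
    server_view = open_(storage_key, stored)   # None: server cannot decrypt
    return server_view, open_(user_key, stored)
```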
Further privacy concerns emerge from Kohler’s data usage policies. The company confirmed its algorithms are trained on “de-identified data only,” and users must consent during signup to allow Kohler to use their data for “research, develop, and improve its products and technology.”
Kohler’s privacy policy explicitly states that collected data may be used “to train our AI and machine learning models” and can be shared with third parties after de-identification.
This means intimate bathroom images captured by the device could be incorporated into machine learning datasets, raising questions about the effectiveness of de-identification and potential re-identification risks.
The misuse of the term “end-to-end encryption” in Kohler’s marketing represents a concerning trend as smart home health devices proliferate.
Security experts note that incorrectly applying well-understood security terms can mislead consumers into a false sense of privacy protection, particularly for sensitive health monitoring devices.
The $600 device also requires an ongoing monthly subscription, meaning users pay repeatedly for a service that may not provide the advertised security protections.
For consumers considering smart health devices, security researchers recommend scrutinizing privacy policies and encryption implementations rather than relying on marketing claims.
The post Kohler’s Encrypted Smart Toilet Camera is not Actually end-to-end Encrypted appeared first on Cyber Security News.
