Hot Tub Hell
A white hat hacker says he’s discovered a vulnerability in Jacuzzi’s SmartTub app — which allows hot tub owners to control their relaxation cauldrons via smartphone — that could let bad actors access personal data.
But that’s not all. As TechCrunch reports, the digital vulnerability also gives potential malefactors access to SmartTub controls — in other words, the ability to control water temperature, jets, lights, and filters. Chaos!
“That would make things unpleasant the next time the person checked their tub,” said Eaton Zveare, the security researcher and hot tub owner who located the app’s shortcomings when trying to download the “personal hot tub assistant” for himself.
Thankfully, Zveare he doesn’t believe anyone’s physical safety is at risk (Jacuzzi’s maximum temperature setting appears to be 104 degrees Fahrenheit, though it’s unclear if the hack would let attackers go higher than that).
“I don’t think there is anything truly dangerous that could have been done,” he added. “You have to do all chemicals by hand.”
While turning an unwitting hot tub owner’s spa vat to the highest possible temperature would undoubtedly be pure evil, information breaches are a huge issue as well.
According to TechCrunch, the SmartTub app has been downloaded over 10,000 times on Google Play, and anyone who has it on their phone could be at risk. Worse, Zveare says that despite his warnings, Jacuzzi was continuously unresponsive, forcing him to directly contact Auth0 — the third-party identity software used by the SmartTub web interface — for help instead.
“After multiple contact attempts through three different Jacuzzi/SmartTub email addresses and Twitter, a dialog was not established until Auth0 stepped in,” Zveare told the publication. “Even then, communication with Jacuzzi/SmartTub eventually dropped off completely, without any formal conclusion or acknowledgment they have addressed all reported issues.”
Smart devices, convenient as they may be, continue to reveal some pretty inconvenient side effects — here’s hoping that no one pours a drink, throws on a swimsuit, and finds themselves with an unpleasant surprise.
READ MORE: Researcher Hacks Into Backend for Network of Smart Jacuzzis
More on smart devices being dumb: Watch a Hacked “Smart Coffeemaker” Spew Steaming Water
The post Vulnerability Allows Hackers to Set Hot Tub Temp to Anything They Want appeared first on Futurism.