A white hat hacker claims to have found a vulnerability in Jacuzzi's SmartTub app that could allow bad actors to access personal data.
That's not the whole story. The ability to control water temperature, jets, lights, and filters is one of the things that potential malefactors have access to. There's a lot of chaos!
The security researcher and hot tub owner found the app's weaknesses when trying to download it for himself.
Zveare doesn't think anyone's physical safety is at risk, though it's unclear if the hack would allow attackers to go higher than 104 degrees.
"I don't think there is anything really dangerous that could have happened," he said. All chemicals must be done by hand.
It would be pure evil to turn an innocent hot tub owner's spa vat to the highest possible temperature.
Anyone who has the SmartTub app on their phone could be at risk. Zveare said Jacuzzi was unresponsive and forced him to contact Auth0, the third-party identity software used by the SmartTub web interface, for help.
Zveare said a dialog was not established until Auth0 stepped in. Communication with Jacuzzi/SmartTub dropped off completely without any formal conclusion or acknowledgment.
Here's hoping that no one pours a drink, throws on a swimsuit, or finds themselves with an unpleasant surprise as a result of smart devices.
A researcher has hacked into the backend of a Jacuzzi network.
There's more on smart devices being dumb.
All Rights Reserved © 2024
