A white-hat hacker says he’s discovered a vulnerability in Jacuzzi’s SmartTub app, which allows hot tub owners to control their relaxation cauldrons via smartphone. The flaw could let personal data fall into the wrong hands.
TechCrunch reports that the vulnerability also gives potential malefactors access to SmartTub controls, including the ability to control water temperature, jets, lights, and filters.
“That would make things unpleasant the next time the person checked their tub,” said Eaton Zveare, the security researcher and hot tub owner who located the app’s shortcomings when trying to download the “personal hot tub assistant” for himself.
Thankfully, Zveare doesn’t believe anyone’s physical safety is at risk (Jacuzzi’s maximum temperature setting appears to be 104 degrees Fahrenheit).
“I don’t think there is anything truly dangerous that could have been done,” he added. “You have to do all chemicals by hand.”
Beyond letting someone turn the tub’s temperature up to its maximum, the flaw also creates a risk of information breaches.
According to TechCrunch, the SmartTub app has been downloaded over 10,000 times on Google Play, and anyone who has it on their phone could be at risk. Worse, Zveare says that despite his warnings, Jacuzzi was continuously unresponsive, forcing him to contact Auth0, the third-party identity software used by the SmartTub web interface, directly for help instead.
“After multiple contact attempts through three different Jacuzzi/SmartTub email addresses and Twitter, a dialog was not established until Auth0 stepped in,” Zveare told the publication. “Even then, communication with Jacuzzi/SmartTub eventually dropped off completely, without any formal conclusion or acknowledgment they have addressed all reported issues.”