SECURITY
SECURITY
SECURITY
Hot tub hack machine: Hackable spas are now a thing, thanks to security vulnerabilities
In what sounds like a plot in a bad Adam Sandler film, a security company has discovered a brand of hot tubs that can be easily hacked.
Described in excruciating details over the weekend by security researchers at Pen Test Partners Ltd., the vulnerability relates to the Balboa Water App, a mobile app used for controlling around 30,000 hot tubs manufactured by Balboa Water Group Inc.
The researchers found that the app, which connects to a hot tub over Wi-Fi, did not correctly authenticate users, potentially allowing third parties to gain access. Worse still, the location of hot tubs could also be discovered since the lack of authentication on the receiving end allowed the researchers to map their locations.
OK, so it’s unlikely that anyone would actively seek to hack hot tubs. But the researchers did note that the access would allow someone to increase or decrease the heat in the hot tub.
“It’s easy to turn your temperature down so your tub becomes unusable. It’s also easy to heat it continuously, wasting electricity,” the researchers note. “Blowers are also only turned on when someone is in the tub, so the hacker can figure out if you’re in the tub at the time. Creepy.”
In response to the news, BWG, the company behind the hot tubs told the BBC that it had been “surprised” to learn of the flaw since its app had been available for five years during which users had not reported any problems.
It went on to note that it was working with more than 1,000 owners in the U.K. and others globally to set up a system of individual usernames and passwords to secure the online controls. Perhaps worse still, it added that it had previously opted not to do so because it had wanted to “allow for simple and easy use and activation” by homeowners.
Image: Pen Test Partners
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
