Thousands of hot tubs can be hacked and controlled remotely because of a hole in their online security, the BBC show Click has revealed. Researchers showed the TV programme how an attacker could make the tubs hotter or colder, or control the pumps and lights via a laptop or smartphone.
Vulnerable tubs are designed to let their owners control them with an app. But third-party wi-fi databases mean hackers can home in on specific tubs by using their GPS location data. Balboa Water Group (BWG), which runs the affected system, said the problem would be fixed by the end of February. Pen Test Partners – the UK security company that carried out the research – warned that hot tubs were not the only household items at risk.
Read more about this new example of poor IoT security on BBC.