The Internet of Things (IoT) is able to conveniently connect all kinds of devices in ways that bring more usability and efficient network administration of distributed technology, such as improving the performance of the appliances in your home.
Smart home technology is part of the IoT. A subset of that home-based technology allows hot tub owners to use their smartphone or laptop to control their hot tub. Owners can remotely turn their hot tubs on and off or control settings that include temperature, lighting, and filtration. It is a nice convenience to be able to turn on your hot tub in advance of coming home so that it is already warmed up before you arrive. However, researchers in the UK discovered that it was incredibly easy to hack the hot tub software controls.
The BBC reported that tests conducted by the UK security company called Pen Test Partners discovered the hot tub software control vulnerabilities when conducting penetration testing to determine what they could access in a home with smart home technology. Hot tubs were only part of the home appliances that they were able to control with unauthorized access.
RELATED: THE WORLD'S MOST DANGEROUS HACKERS
The ramifications of this security analysis show that manufacturers are not being serious about security concerns when it comes to creating user-controllable features for in-home equipment. At first, a hacker taking control of a hot tub may seem annoying, but not necessarily dangerous. This is not true. This software can be accessed with no authentication. This means anyone with bad intentions can use the data. Criminals are notoriously clever about how they can misuse private data.
The data that the hackers can find out is the physical location of a home with a hot tub. The software gives the GPS coordinates of the home, which the software uses to know which hot tub to control. A hacker can tell if the hot tub is on or off. Moreover, a person using this for illegally spying on someone can tell if they are in the hot tub. This can be determined because the blowers that make the air bubbles work only come on when a person is actually in the tub. They turn off automatically when all the people get out.
A clever criminal can observe a home and then rob it when the occupants are relaxing in the hot tub. The criminal knows exactly when to leave by monitoring the system illegally using a smartphone. They can exit the home, without being caught, when the hot tub blowers turn off before the home’s residents come back in.
Unfortunately, these kinds of crimes are a new reality that someone will have to solve. As more and more things get connected, these vulnerabilities need to be taken seriously by manufacturers due to liability caused by security and privacy concerns. Consumers need to be vigilant in protecting themselves from IoT data breaches, such as when your hot tub use tells a criminal the right time to rob your house.