Flaws in Smart Jacuzzi App Could Be Exploited To Extract Users’ Data

A vulnerability in Jacuzzi Brand LLC’s SmartTub app web interface could have revealed users’ private data to remote malicious attackers.

Researchers have identified vulnerabilities in Jacuzzi Brand LLC’s SmartTub app web interface that can reveal private data to attackers.

Security researcher and ethical hacker Eaton Zveare (EatonWorks) has identified a security flaw in the SmartTub feature of the app used in the hot tubs manufactured by the world-renowned Jacuzzi Brand.

The flaw exists in the app’s web interface and, according to the researcher, allows a threat actor to view and abuse the personal data of hot tub users. The issue has now been patched, but Zveare claims he wasn’t notified about the fixes. Moreover, he stated that Jacuzzi didn’t reply to his emails.

About the SmartTub App

SmartTub is a Jacuzzi app available for iOS and Android systems. It has a SmartTub feature that lets users connect to the tub remotely via a module and receive status updates, and that accepts users’ commands for various tasks. For example, it can automatically set the water temperature, turn on lights and water jet, etc. It isn’t clear whether the vulnerability impacted these functions.

Attack Scenario Explained

According to

Read More: https://www.hackread.com/smart-jacuzzi-app-flaw-exploited-extract-user-data/