Thousands of Internet connected hot tubs vulnerable to remote attacks

[ Jan 08, 2019 ]

According to the research from a Buckinghamshire-based security group Pen Test Partners, hot tubs can also be hacked using an app simply because there isn’t any authentication process in place.
Reportedly, 26,000 hot tubs are currently vulnerable to be hacked and controlled remotely and anyone can perform the hacking by searching on, a hacking database, which includes geolocation data. Hence, anyone can search for the physical location of the device.
A hacker can gain access to the system and increase or decrease the heat quite effortlessly making the tub unusable. If the tub is continuously heated, it will waste a considerable amount of electricity. Furthermore, since blowers are activated only when someone’s using the hot tub so a hacker would figure out when the user is in the hot tub and can thus, manipulate the temperature or turn the water pumps on or off.
The manufacturer Balboa Water Group has stated that it is currently improving the authentication process of over 1,000 tub owners across the UK and elsewhere.

Cyber Security Tips :
– Until an update is released, which might be released by the end of February, users of hot tubs are urged to not use the remote control function.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at

Up ↑

%d bloggers like this: