Connect with us

News

Jacuzzi SmartTub Left Data Exposed Says Cybersecurity Expert

Published

on

Jacuzzi SmartTub Left Data Exposed Says Cybersecurity Expert

Eaton Zveare, a cybersecurity researcher based in Florida, has recently shed light on a significant security vulnerability within the Jacuzzi SmartTub and other similar internet-connected tubs. Zveare documented his findings on his personal blog after discovering that the smart features of the tubs not only granted access to personal data but also put the data of numerous SmartTub users at risk.

As our everyday devices become increasingly smarter, they also become susceptible to security flaws when connected to the internet. We’ve witnessed instances such as ransomware attacks on coffeepots, private baby monitor feeds leaking online, and various other incidents documented on Twitter. Now, we can add the Jacuzzi SmartTub and similar products to this ignominious list.

The Jacuzzi SmartTub, like many other Internet of Things (IoT) devices, is designed for convenience. It allows owners to connect to their tubs through an associated Android or iOS app, which provides updates on power outages, system issues, and enables temperature and jet adjustments from a smartphone or tablet. The popularity of this feature is evident, with over 10,000 downloads of the SmartTub app from the Google Play Store alone.

During his initial attempt to set up an account on the tub app’s associated website, Zveare encountered an unusual occurrence. He received an “unauthorized” notice on his screen, but just before that, he caught a glimpse of an admin panel displaying personal data of other tub owners who were using the app. This data included information not only from Jacuzzi customers but also from owners of other smart tubs under the Jacuzzi brand, such as Sundance Spa, D1 Spas, and ThermoSpas.

According to Zveare, it was a fleeting moment that required him to use a screen recorder to capture the evidence. Being security-conscious, Zveare’s immediate reaction was to test the site’s vulnerability. With relative ease, using a tool called Fiddler to manipulate his web traffic, he tricked the TubSite into believing he was an admin. Exploiting the porous nature of smart technology, Zveare gained access to the entire admin panel, exposing the names and email addresses of tub owners worldwide.

“The amount of data I was allowed to access once in the admin panel was staggering. I could view the details of every spa, see its owner, and even remove their ownership,” Zveare wrote. “Creating a script to download all user information would be trivial. It’s possible it has already been done.”

Zveare and others have reached out to Jacuzzi for comment multiple times, starting from when the vulnerabilities were discovered in December of the previous year. However, Jacuzzi’s response has been inconsistent, alternately acknowledging the emails without further action or completely ignoring them, as Zveare recounts on his blog. Eventually, Zveare involved a security representative from Auth0, the company responsible for Jacuzzi’s login systems. Although the vulnerable panel was shut down upon their intervention, Jacuzzi’s lack of cooperation left another panel exposed, as mentioned in Zveare’s blog.

In preparation for documenting his findings on his blog, Zveare decided to periodically check the remaining panel. It appears that Jacuzzi has since addressed the issue without notifying the researcher who discovered it.

Continue Reading
Click to comment

News

Hot Tub Repair Man Accused Of Burglary

Published

on

Hot Tub Repair Man Accused Of Burglary

During a ski trip in Georgia, a group of friends encountered an unfortunate incident involving a hot tub repairman. After completing the job, the friends invited the repairman in for a beer. However, the following day, the repairman allegedly broke into their apartment and made off with personal items valued at nearly $20,000.

The tenants reported the incident to the Steamboat Springs Police Department on March 16. According to the arrest affidavit, the renters had contacted Vacasa rental regarding a broken hot tub in their rental property. Christopher Svenson, a contractor hired through Vacasa, responded to the request. One of the renters had a conversation with Svenson while he was repairing the hot tub and extended an invitation to join them for a drink.

The next day, the three renters left the premises to go skiing. Upon returning at noon, one of the renters discovered that the door was unlocked. They reported several stolen items, including a Rolex watch worth $18,000, Bose headphones worth $329, a Dell laptop worth $848, Adidas sneakers worth $160, and an $80 laptop case. Additionally, one of the renters reported the theft of an American Express credit card, while another stated that $1,200 in cash was missing from their laptop case.

The renter whose credit card was allegedly stolen received notifications of its usage in multiple locations around Steamboat, starting at 12:10 p.m. on March 16, just ten minutes after one of the renters returned to find the unlocked door.

According to the affidavit, Svenson had only been employed by the rental company for five days, as confirmed by the property manager. The property manager informed the police that Svenson had access to the garage but did not possess keys to enter the residence.

On the morning of March 16 at 9:15 a.m., Svenson reportedly expressed feeling belittled by the tenants to the property manager and promptly quit before leaving the office. However, despite quitting, Svenson was allegedly seen at the rental property by a maintenance staff member at 9:30 a.m., just 15 minutes later.

The police used vehicle registration data and video footage from stores where the stolen credit card was used to identify Svenson as the suspect. Subsequently, Svenson was arrested on Wednesday, April 26, on charges of second-degree burglary, a Class 3 felony, and theft, a Class 5 felony. His bail was set at $25,000.

Continue Reading

News

Canadian Spa Brands Merge – Hydropool + Sunrise

Published

on

Canadian Spa Brands Merge - Hydropool + Sunrise

Mississauga-based company Hydropool has made a groundbreaking announcement in the Canadian hot tub and swim spa industry by merging with Sunrise Spas. This merger brings together the leadership, intellectual property, and industry experience of both companies, totaling almost a century, to enhance the efficiency of the production process for both manufacturers.

The primary objective of the merger is to strengthen both the Hydropool and Sunrise brands. By working closely together, the companies aim to build a strong future. The merger presents an exciting opportunity for all those involved in either company.

While the two manufacturers join forces, most aspects of their operations will remain unchanged. Retailers can expect to continue receiving the same high level of service and support they have been accustomed to.

Over the next year, there will be a gradual shift in Sunrise’s production and assembly from Grimsby, Ont. to Hydropool’s location in Mississauga. This transition will be carried out at a reasonable pace to minimize any disruption for retailers.

Throughout the merger, the Sunrise brand family will be maintained, with a focus on strengthening both brands without one overshadowing the other. Dealers will maintain their existing relationships with Sunrise Spas’ customer service, sales teams, and senior leadership. Parts will continue to be supplied directly by Sunrise, and the warranty service will also be handled by Sunrise.

The merger is seen as a change that makes sense for both companies, considering the current economic climate. By operating more efficiently and expanding manufacturing capabilities, both Hydropool and Sunrise will be better positioned for the future.

Continue Reading

News

Spa Retailers Seek Military Candidates for Hot Tub Donation

Published

on

Spa Retailers Seek Military Candidates for Hot Tub Donation

The Spa and Sauna Company in Reno is currently accepting nominations for their upcoming hot tub donation program, specifically targeting local veterans and service members. This initiative, in partnership with spa manufacturer Sundance Spas and charity organization Wish for Our Heroes, aims to provide a deserving recipient with a complimentary Sundance Spa. The donation is scheduled to take place this summer.

While the program is open to nominations nationally through other participating hot tub dealers, candidates eligible for the upcoming donation must reside in the Reno, Sparks, Truckee, Tahoe area. The Spa and Sauna Co., an established business since 1990, specializes in the sale of hot tubs, swim spas, saunas, and BBQs. Their showrooms are located in Reno, Sparks, Carson City, Santa Cruz, and San Jose.

In addition to their collaboration with Wish for Our Heroes, The Spa and Sauna Co. actively supports various local community programs and participates in Toys for Tots. Owner Scott Clark emphasizes their gratitude and sense of responsibility to give back to the community. As passionate hot tub enthusiasts themselves, they aim to share the joy and benefits of hot tub ownership with as many families as possible.

The most recent recipient of their hot tub donation was Jason Kirmel-Long, a 100% disabled Navy veteran from Dayton, NV, who served as an electrician. Previous recipients include Trent Robbins of Sparks, a Purple Heart Marine, as well as several members of the Nevada National Guard with multiple overseas deployments.

Wish for Our Heroes is a national 501(c)(3) organization dedicated to supporting active-duty military personnel by providing resources to make their deployments more manageable and enhance the quality of their family lives. Sundance Spas, Wish for Our Heroes, and spa dealers across the country have collectively donated nearly 100 hot tubs to veterans, positively impacting the lives of over 120 veterans and their families.

If you know a deserving veteran or service member who could benefit from this program, you can submit a nomination on the Wish for Our Heroes website. Whether it’s a friend, family member, or even yourself, take the opportunity to recognize those who have served and contribute to making a difference in their lives.

Continue Reading

Become a Member of the Pool & Hot Tub Alliance

Press Releases

Spa Parts Experts Adds Popular Spa and Hot Tub Brands to its Offerings Spa Parts Experts Adds Popular Spa and Hot Tub Brands to its Offerings
Press Releases4 months ago

Spa Parts Experts Adds Popular Spa and Hot Tub Brands to its Offerings

Spa Parts Experts is undoubtedly relentless in delivering premium quality parts to meet the spa and hot tub needs of...

King Technology: The EPA Helps Protect Residential Swimming Pools and Hot Tubs King Technology: The EPA Helps Protect Residential Swimming Pools and Hot Tubs
Press Releases5 months ago

King Technology: The EPA Helps Protect Residential Pools & Hot Tubs

MINNEAPOLIS, May 4, 2023 /PRNewswire/ — King Technology: frogproducts.com Online purchasing has a dark side. Learn to check for EPA registration when buying...

Bullfrog Spas Unveils New Premium Clear Comfort AOP System Bullfrog Spas Unveils New Premium Clear Comfort AOP System
Press Releases5 months ago

Bullfrog Spas Unveils New Premium Clear Comfort AOP System

The All-New Bullfrog Spas Offering Leverages the Market-Leading CCW25 AOP System From Clear Comfort

Master Spas Becomes Official Partner of U.S. Masters Swimming Master Spas Becomes Official Partner of U.S. Masters Swimming
Press Releases6 months ago

Master Spas Becomes Official Partner of U.S. Masters Swimming

SARASOTA, Fla. — Master Spas has become an official partner of U.S. Masters Swimming, the two organizations announced on Tuesday. Master...

Bullfrog Spas Launches the New 2023 A Series Line of Hot Tubs Bullfrog Spas Launches the New 2023 A Series Line of Hot Tubs
Press Releases6 months ago

Bullfrog Spas Launches the New 2023 A Series Line of Hot Tubs

Innovative hot tub manufacturer, Bullfrog Spas, brings to market their all-new A Series line highlighting exclusive technologies, updated designs, and...

Press Releases7 months ago

Certified Pool & Spa Operator Certification Program Celebrates 50th Anniversary

(Alexandria, Va.) – The Certified Pool & Spa Operator (CPO) certification program is celebrating its 50th anniversary in 2023. In...

Ken Howard Joins Pool & Spa Apprenticeship & Training Committee Ken Howard Joins Pool & Spa Apprenticeship & Training Committee
Press Releases7 months ago

Ken Howard Joins Pool & Spa Apprenticeship & Training Committee

The Pool & Spa Apprenticeship and Training Committee is excited to announce another newly appointed Director to the Pool &...

Master Spas continues support of St. Jude Children’s Research Hospital as charity partner of Warburton Golf Tournament Master Spas continues support of St. Jude Children’s Research Hospital as charity partner of Warburton Golf Tournament
Press Releases7 months ago

Master Spas Continues Support of St. Jude Children’s Research Hospital as Charity Partner of Warburton Golf Tournament

Fort Wayne, IN – Master Spas, a leading manufacturer of premium hot tubs and swim spas, continued its support of...

Master Spas Sponsors Broadcast of Annual Bart Starr Award Presentation Master Spas Sponsors Broadcast of Annual Bart Starr Award Presentation
Press Releases7 months ago

Master Spas Sponsors Broadcast of Annual Bart Starr Award Presentation

PHOENIX, Feb. 16, 2023 /PRNewswire/ — Master Spas, a leading manufacturer of hot tubs and swim spas, is the proud broadcast sponsor...

Master Spas Names Terry Valmassoi as President & CEO Master Spas Names Terry Valmassoi as President & CEO
Press Releases8 months ago

Master Spas Names Terry Valmassoi as President & CEO

FORT WAYNE, Ind., Feb. 7, 2023 /PRNewswire/ — Master Spas, a leading spa manufacturer, recently announced that Terry Valmassoi has been named president and...

CPO Class - Virtual Online Classes - Become a Certified Pool Operator

Industry News From Pool Magazine

Trending