TechDirt: Not Even Your 'Smart' Jacuzzi Is Safe From The Internet Of Broken Things
The Internet of things — aka the tendency to bring Internet connectivity to devices whether they need them or not — has provided no shortage of both tragedy and comedy. "Smart" locks that are easy to bypass, "smart" fridges that leak your email credentials, or even "smart" barbies that spy on toddlers are all pretty much par for the course in an industry with lax privacy and security standards.
Even your traditional hot tub isn't immune from the stupidity. Hot tub vendor SmartTub thought it might be nice to control your hot tub from your phone (because walking to the tub and quickly turning a dial is clearly too much to ask).
But like so many IOT vendors more interested in the marketing potential than the reality, they allegedly implemented it without including basic levels of security standards for their website administration panel, allowing hackers to access and control hot tubs, all over the planet. And not just SmartTub brands, but numerous brands from numerous manufacturers, everywhere [. . . .]
For those who need reminders, let us not forget prior SN (horror) stories:
(Score: 3, Interesting) by kazzie on Friday July 01 2022, @07:32PM
Most of what you list are more likely to be operated by proper Programmable Logic Controllers rather than fly-by-night IoT microcontroller lashups. Some of which may already be part of large-scale SCADA networks.
Having said that, the drift to more internetworking and the use of Ethernet-based protocols rather than bespoke serial stuff like Profibus, Modbus etc. does mean that there's a fresh attack surface opening up there.