Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hot Tub Hack Reveals Washed-up Security Protection (bbc.com)

Posted by msmash on from the security-woes dept.

Thousands of hot tubs can be hacked and controlled remotely because of a hole in their online security, BBC Click has revealed. From a report: Researchers showed the TV programme how an attacker could make the tubs hotter or colder, or control the pumps and lights via a laptop or smartphone. Vulnerable tubs are designed to let their owners control them with an app. But third-party wi-fi databases mean hackers can home in on specific tubs by using their GPS location data. Balboa Water Group (BWG), which runs the affected system, has now pledged to introduce a more robust security system for owners and said the problem would be fixed by the end of February.

Pen Test Partners -- the UK security company that carried out the research -- warned that hot tubs were not the only household items at risk. Founder Ken Munro said that many Christmas gifts people would receive this year would connect to the internet and offer remote control through apps. "Manufacturers still are not taking security seriously enough, and until they do consumers have to be very vigilant," he said. "We recommend users reset any default passwords the device has immediately with a unique one of their own."

69 comments

  1. Re: Thank you again, Donald Jay TRUMP! by Anonymous Coward · · Score: 0

    Encore! I got jitters! About time! Now seriously pace yourself. Plenty of time to get back to all this later, maybe. Unless you want to lunge for it

  2. How Many Men Can FIt in A Hottub? by Anonymous Coward · · Score: 0

    But the better question is, HOW DO YOU KNOW!?

  3. IoT by Anonymous Coward · · Score: 3, Insightful

    IoT - the rush for every manufacture to strap a computer to their thing and connect it to the internet and their walled garden platform.

    IoT guys need to get together with open standards and push for things like OTA updates and security reviewed libraries. In their rush to create walled gardens. They are creating an oasis of hacks just waiting to be found.

    How bad is it? Much worse then you think. Think of protocols that are sort of standard. No encryption. No authentication. Nothing. Then go hang that out on the internet behind a password page using state of the art tech from 1995 (if your lucky). Then even *if* there is some sort of security update thing. It is for maybe 1-2 years. So suddenly my 2k in outlay for hardware hubs and repeaters is useless because it is already at EOL. I own a 'smart TV' from 2009. None of the smart features work anymore. The TV is just fine though.

    1. Re:IoT by ctilsie242 · · Score: 4, Insightful

      As someone who has worked for an IoT company, a lot of companies actually build in insecurity:

      1: If there is a major show stopper that hits customers, causing lawsuits, the top brass shorts their stock the day before the announcements. They laugh all the way to the bank.

      2: Unfixable security issues force customers to re-buy everything. The more issues that are unpatchable, the more revenue an IoT provider gets. Especially if the IoT devices are designed to be resistant to "jailbreaking", so they can't be patched via third parties.

      3: IoT devices sending up a constant telemetry stream can make more cash than the device itself, especially to advertisers.

      Want to know how to have IoT devices have a lot better security? Not hard:

      1: Have a dedicated IoT firewall hub. This hub only allows communication as per signed manifest files. This way, if a device only communicates via HTTPS to a load balancer for updates, and suddenly starts phoning home to Lower Elbonia, that will be blocked. Of course, a lot of IoT providers will just do 0.0.0.0/255.255.255.255 for a netmask of permissive sites, but will be a cause of public humilation.

      2: Have the IoT firewall hub communicate in an offline state, similar to UUCP forwarding. That way, the IoT hub grabs updates and offers them available for devices. Since there is no direct access to the devices, it becomes difficult to attack them without physical access.

      3: Have something similar to UL, or Sold Secure, where devices get tested by an independent group and given a certification that they passed white box, black box, and other security attempts.

    2. Re:IoT by CanadianMacFan · · Score: 1

      With your third option to have something like UL to check devices don't you think companies would game the system just like some car companies did with emissions testing. (It wasn't just VW.) They'd send in a test system that didn't do the bad behaviours that were being checked for. Once they got the got the approval to sell the device they'd make sure the behaviour was turned on again and ship. Or have some way of detecting that the testing was being performed.

    3. Re:IoT by Anonymous Coward · · Score: 0

      All of the above is true, in addition (you should have mentioned):

      4. In China, where these things are built, it is (the equivalent of) a first degree felony
      to export anything using encryption. So everything from China (which is where these
      things are built) has broken security, encryption, etc. by design.

      In China, this "crime" is punishable by life in prison and the family's assets seized.
      The young females, if any, in the family are sent to forced labour camps to make
      electronics, and anything else the government's manufacturing requires.
      Remember, China is not a representative democracy.

      China is not a good place, and we should get the hell out of there and bring the jobs back home.

      CAP === 'tutoring'

    4. Re:IoT by Anonymous Coward · · Score: 0

      orig ac here... yep. I too worked for an IoT company.

      Your points are spot on. I personally do not even bother with the firewall bits anymore and just skip buying the stuff. Usually the phone app they tie this crap to is going to be unsupported in a year or two. Or the main servers will be 'gone' after they turn them off.

      I am thinking like you, something like UL. But more. I am thinking a stack of tools that everyone can use and can build upon. Frankly like you say the top IoT brass DNGAF. Something that is very important is an update platform that anyone can use properly. Because if you can not update it the thing is garbage in a few years. We will never get something like that because it is easier and in some cases more profitable to EOL the thing and try to resell an new set of devices.

      If you do decide to add in a IoT like device to your home. Follow this guys advice. FIREWALL IT and rate limit it. Separate network. Treat the thing as a hostile entity that is designed to sell you to the highest bidder or turn your network into a botnet. The problem is this takes a 'bit of knowhow'. It is not hard. But it is not hand it to my dad and tell him to go at it easy. The problem with your UUCP idea is most of these Iot/App devices need network access to a central server to work at all. The dark patterns being created and used are all to lock you into that '10 dollars a month monitoring/usage applications' where you actually rent your device on top of a large up front one time payment. Good idea though for a subset of devices.

    5. Re: IoT by Anonymous Coward · · Score: 0

      I have several device is my home. I happen to understand the important settings but I let my roommates fill in the settings I do not understand. I have never had any problems with this

    6. Re:IoT by ctilsie242 · · Score: 1

      [Citation Needed]. China has things to disparage it, but banning encryption is something I have yet to actually see as a law. I personally prefer having IoT stuff made from other sources than China (the ye old China +1 methodology), but I'd rather aim criticism accurately.

      Of course, in China, any venture on their soil has to be 51% or more owned by a domestic firm, and domestic firms have Chinese government officials on board, but I wouldn't say encryption is directly banned.

    7. Re:IoT by ShanghaiBill · · Score: 1

      No. For cars, it makes sense to send a "clean" car for emissions testing, and then sell a "dirty but efficient" car to the public. That way the regulators see low emissions, the customers get good milage, and everyone is happy.

      For IoT security, this makes no sense. It is only more expensive to design good security. Once you have it, it would make no sense to put in only the test unit. Since software has zero marginal cost, why not deploy it in every unit sold?

    8. Re:IoT by ctilsie242 · · Score: 1

      If I have to have an IoT device, there are precautions you can take. The best precaution is not to buy the device in the first place, or if it is a device like a smart TV, if it requires an internet connection to function, or it puts up a EULA, the TV goes back in the box and gets returned.

      1: Put it on its own VLAN, with its own internal IP space and different NAT. If you use 192.168, chuck it in a 172.16.x.x subnet, or a 10.x.x.x subnet. Hell, make the IP space 9.x.x.x, so the device thinks it is in some lab at IBM, as that internal IP doesn't matter to anyone but the device itself, and its masters.

      2: Firewall the living heck out of the VLAN. Geoblock everything. Log what the IoT device tries to communicate with. Does it need to have a constant outgoing tunnel to some site in Lower Elbonia? No, block it. In fact, it might be wise to buy a Raspberry Pi or another ARM based microcontroller and have that handle the ACLs so you can be sure nothing gets in or out that you don't explicitly want.

      3: Ideally, put each device on its separate VLAN with separate ACLs. That, or use the tiny ARM based firewalls with two network ports to handle firewalling on each port. This borders on overkill, but the devices can provide some interesting logs, potentially worth making public.

      4: It might be nice to have the router do a dedicated VPN link out just for that IoT VLAN, just so the IoT devices cannot geo-locate where they are accurately.

    9. Re:IoT by Anonymous Coward · · Score: 0

      1. would be illegal in just about the whole of the western world.

      2. most customers won't notice and won't rebuy stuff.

      3. illegal in many markets now.

  4. Great! Who has the Chernobyl? by Anonymous Coward · · Score: 0

    Just saying.

  5. What is the use case? by Anonymous Coward · · Score: 0

    Why would you ever want to control the temperature of a hot tub when you're not at home?

    1. Re:What is the use case? by Calydor · · Score: 2

      Get it started up before you get home, perhaps?

      --
      -=This sig has nothing to do with my comment. Move along now=-
    2. Re: What is the use case? by Anonymous Coward · · Score: 0

      No. Hot tubs can take days to heat up, you'd turn it up before you left your house. It's more efficient to keep it at constant temp than to raise and lower it anyhow.

      The bluetooth I can see being useful for playing music, but why the fuck would you put a GPS on one?

    3. Re: What is the use case? by Anonymous Coward · · Score: 1

      > Hot tubs can take days to heat up

      If it takes more than 12 hours, it's either defective or large enough for 20 people!

    4. Re: What is the use case? by Anonymous Coward · · Score: 0

      No. Hot tubs can take days to heat up, you'd turn it up before you left your house. It's more efficient to keep it at constant temp than to raise and lower it anyhow.

      Everything you said is 100% wrong. Yes, i would like fries with that, Skippy.

    5. Re: What is the use case? by ShanghaiBill · · Score: 1

      No. Hot tubs can take days to heat up

      No they don't. A typical electric hot tub has a 4kw heater and holds 400 gallons. That is about 5F or 3C per hour.

      A gas heater is much faster.

    6. Re: What is the use case? by Applehu+Akbar · · Score: 1

      No. Hot tubs can take days to heat up, you'd turn it up before you left your house. It's more efficient to keep it at constant temp than to raise and lower it anyhow.

      I had a home hot tub in the Eighties. Worst case, with electrical heating, it would take about 4-5 hours to heat up in the winter (lowland urban Arizona). Much faster than that with gas.

      That was in the Eighties, but I can see a use case for an IoT hot tub today: an attached webcam that streams all activity to an escrowed server at your lawyer's office. Then if some PoundMeTooer accuses you of creepy behavior, you have video proof or what actually happened.

    7. Re:What is the use case? by Ol+Olsoc · · Score: 1

      Get it started up before you get home, perhaps?

      Nah. My original hot tub did that, and it was a major pain in the ass. You had to plan a time that you were going into it, and if the weather was going to be bad at 10 p.m., so you thought it might be nice to go in at 7, it wasn't going to be warm enough.

      My present tub is really well insulated, and we keep it at a constant 104 degrees F. The UV bacteria control needs to cycle regularly as well. Just set the control panel with the mode, no need to have it exposed on the internet.

      About the only reason to put the thing on the internet is so that you can brag about it being on the internet.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    8. Re: What is the use case? by Ol+Olsoc · · Score: 1

      No. Hot tubs can take days to heat up, you'd turn it up before you left your house. It's more efficient to keep it at constant temp than to raise and lower it anyhow.

      Everything you said is 100% wrong. Yes, i would like fries with that, Skippy.

      I have had spas since the mid 1990's, and only the earliest would use that abominable thermal cycling. The manufacturer even suggested that I set it and forget it on my latest tub. Constant thermal cycling of a water appliance like a spa isn't a good idea anyhow, from the standpoint of expansion and contraction of components.

      As well, modern spas that aren't cheap hold their temps well. In the winter, our new outside tub will only drop maybe 4 degrees F over a 12 hour period as long as kept closed. Discovered this during a power failure.

      AC is definitely wrong about heating time. I can fill mine with 50 degree F water, start it up, and have it at 104 degrees F in about 6 hours.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    9. Re: What is the use case? by DontBeAMoran · · Score: 1

      AC is definitely wrong about heating time. I can fill mine with 50 degree F water, start it up, and have it at 104 degrees F in about 6 hours.

      ... and have 50kg of pasta ready about 2 hours after that?

      --
      #DeleteFacebook
    10. Re: What is the use case? by Ol+Olsoc · · Score: 1

      AC is definitely wrong about heating time. I can fill mine with 50 degree F water, start it up, and have it at 104 degrees F in about 6 hours.

      ... and have 50kg of pasta ready about 2 hours after that?

      Well, Ramen noodles anyhow.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  6. Not for me thanks by AndyKron · · Score: 4, Insightful

    Why the hell does a hot tub need blue tooth and GPS data? Answer: They don't.

    1. Re:Not for me thanks by Anonymous Coward · · Score: 1

      I'd rather mine have a TPS (Temporal Positioning System) for when my buddies want to do some time travelling.

    2. Re:Not for me thanks by R3d+M3rcury · · Score: 1

      Well, it depends...

      I’m with you on GPS. But I can see wanting remote control and data to my smartphone if my hot tub is outdoors in the winter. I can turn it on from the warm house and be able to know when the tub is actually hot before going outside.

    3. Re: Not for me thanks by Anonymous Coward · · Score: 0

      I think it is called a jacuzzi

    4. Re:Not for me thanks by ShanghaiBill · · Score: 1

      Why the hell does a hot tub need blue tooth and GPS data?

      Because if you can turn it on remotely, from work or wherever, only on the days you decide to use it, then you don't need to leave it on all the time. This saves money and reduces CO2 emissions.

      A remotely controlled hot tub is a sensible convenience. It just needs to be done securely.

    5. Re:Not for me thanks by Ol+Olsoc · · Score: 2

      Well, it depends...

      I’m with you on GPS. But I can see wanting remote control and data to my smartphone if my hot tub is outdoors in the winter. I can turn it on from the warm house and be able to know when the tub is actually hot before going outside.

      Modern spas do much better when turned on, set the temp, and leave it there. About the only time to change that is if you are going away for a few weeks, then at least on my spa, you walk over, activate the control panel, and turn the temperature down.

      Years ago, like the 1990's they suggested cycling the temperature. Didn't work all that great for the equipment, and you had to decide when you were setting up the cycling programming when you were going into the tub. Meh. That turned out to really suck. Get home from work, and the wife says It's supposed to rain starting arounf 10 this evening, so let's hit the tub at 8:30, okay?

      You don't do that in a thermally cycled spa. Even so, our spa only loses about 4 degrees over a 12 hour period in the cold of winter. It's highly insulated and so is the cover. Manufacturer says set and forget.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    6. Re:Not for me thanks by DontBeAMoran · · Score: 1

      https://www.imdb.com/title/tt1...

      --
      #DeleteFacebook
    7. Re:Not for me thanks by Anonymous Coward · · Score: 0

      how can you find the hot tub without GPS?

    8. Re: Not for me thanks by spire3661 · · Score: 1

      All Jacuzzis are hot tubs, not all hot tubs are Jacuzzis.

      --
      Good-bye
    9. Re: Not for me thanks by Anonymous Coward · · Score: 0

      > All Jacuzzis are hot tubs, not all hot tubs are Jacuzzis.

      Some Jacuzzis are bathtubs!

  7. Re:Thank you again, Donald Jay TRUMP! by Known+Nutter · · Score: 1

    I switched to -1 looking for this post and was not disappointed.

    No mod points at the moment, so, bravo to you, sir! Irregardless of political position, I am happy to have seen this post. I just knew it would be here... and it was! What a time to be alive!

    --
    Beware of the Leopard.
  8. No hot tubs in FEDERAL PRISON, sorry traitors! by Anonymous Coward · · Score: 0

    Don't worry, we'll all soon enjoy watching Trump do the perp walk. Along with his bitch beta traitor sons and bauble-whore traitor daughter. They should have fled back to their Moscow Tower while they had the chance. #Gallows

  9. Hot Tub Time Machine by Anonymous Coward · · Score: 0

    When the suxnet virus was looking for an Iranian hot-tub and mistakenly turned the Jets on to maximum on an American hot tub and some mountain dew was spilled on the controls the world's first time machine was made.

  10. Reminds me of Dilbert skit by Anonymous Coward · · Score: 5, Funny

    Dilbert: Good morning, shower!
            Automated Shower Machine: Good morning, Dilbert!
            Dogbert: Hmm, don't you do enough engineering at work?
            Dilbert: Work is just meetings, this is engineering. If this works, someday all showers will be voice activated.
            Dogbert [sitting on a stool]: Is it that hard to turn the knobs?
            Dilbert: It's not that it's hard, it's unnecessary. [To ASM] 99, please.
            ASM: 99. [shower turns on at 99 degrees; Dilbert steps inside]
            Dogbert [aside]: 400.
            [The ASM does nothing]
            Dilbert: Heh-heh, nice try. But the shower is calibrated to respond to my voice only.
            Dogbert: Why, you think of everything!
            Dilbert: I'm cautious.
            Dogbert: That's why you had training wheels on your bike until you were 17.
            Dilbert: I was 14.
            ASM: 14. [makes the shower temperature 14 degrees]
            Dilbert: AAAAAAAAHHHHHHHH! [is frozen in a block of ice] 99! 99! 99! [shower goes back to 99 degrees, as the ice melts] Don't do that!
            Dogbert: Where'd you get the voice for that thing? It sounds like the voice for that stupid movie; what was it called, "something, something, a Space Odyssey"?
            Dilbert: It wasn't "Something, something, a Space Odyssey", it was "2001: A Spa-" [cut to the exterior of the house, as the ASM evidently makes the shower temperature 2001 degrees] AAAAAAAAGGGGGGHHHHH!!!
            [back inside, a red-skinned Dilbert wraps a towel around himself, which then catches on fire as he walks off-screen]
            Dogbert: On the plus-side, you look very clean.

    1. Re:Reminds me of Dilbert skit by Applehu+Akbar · · Score: 1

      I'm afraid I can't install that, Dave.

  11. Not the hack I’m looking for by 93+Escort+Wagon · · Score: 2

    So where’s the hack that turns the Hot Tub into a Time Machine?

    --
    #DeleteChrome
    1. Re:Not the hack I’m looking for by Anonymous Coward · · Score: 0

      First you need some nitratrinanium...

  12. Re:Thank you again, Donald Jay TRUMP! by Anonymous Coward · · Score: 0

    What makes you think that the current buggy hot tub software wasn't written by a "good" Mexican Migrant that was paid minimum wage?

  13. IoT obsession! by grumpy-cowboy · · Score: 3

    I work in IT for 23 years now and I don't understand this obsession with IoT !
    Are you to lazy to turn off your lights yourself? To use a simple programmable
    thermostat? You really want to bug your home with a Google Home/Amazon Alexa/...
    or any other IoT gadget "du jour" to be spied on 24/7? Yes I have a cell phone.
    This is the only "connected" device I have. Not a single IoT device will ever
    enter in my house.

    On the next IoT devices hack, the next state-sponsored privacy invasion scandal
    or the next Amazon/Google/Nest/... and now Hot Tub manufacturers (WTF!!) leaks
    all private data collected by their connected devices, I'll open a bag of
    popcorn and watch it from my "not so cool" analog but peaceful life. :)

    --
    Will $CURRENT_YEAR be the year of the Linux Desktop?
    1. Re:IoT obsession! by Anonymous Coward · · Score: 1

      I work in IT for 23 years now and I don't understand this obsession with IoT !

      Q.E.D.

      Nor, it seems, do you understand proportional fonts.

    2. Re:IoT obsession! by fredrated · · Score: 3, Informative

      Old-time programmers like me don't like proportional fonts, we like to have columns line up as an additional check on code accuracy.

    3. Re:IoT obsession! by scsirob · · Score: 3

      I'm in IT for 35 years now and I can't agree more. What's this obsession with IoT? It's totally ludicrous. It's the Internet of Trouble.

      I wouldn't be surprised if the Chinese actually make the firmware so crappy on purpose. We are allowing the Chinese to carpet-bomb our society with millions of backdoored, easily hackable connected devices, allowing a coördinated attack on essential infrastructure, and (to stay in the Trump-bash mode), we pay for it ourselves!

      --
      To Terminate, or not to Terminate, that's the question - SCSIROB
    4. Re:IoT obsession! by Anonymous Coward · · Score: 1

      Totally agree, when writing code. When communicating, proportional fonts were de rigueur in the 11th century with the invention of moveable type. Since then, using monospaced fonts degrades written, non-code communication.

    5. Re:IoT obsession! by gweihir · · Score: 1

      It is not actually an obsession with IoT, but something far darker: It is an obsession with money and any demented hype is good enough to make it.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:IoT obsession! by Anonymous Coward · · Score: 0

      I don't get why more /.'s are not making their own. I replaced the pool controller with a beaglebone when the old one got flakey. Replacement unit was 1200, All the parts for building a replacement were 100. Bonus, it works much better is more flexible and can be accessed from any machine in my house or my phone. The old one had a clunky remote control that worked a max of 100' away. While I suspect the security I setup is not world class, I also do not see anyone spending a month or 2 trying to figure out what I did for one lousy pool.

    7. Re:IoT obsession! by Strider- · · Score: 1

      I'm in IT for 35 years now and I can't agree more. What's this obsession with IoT? It's totally ludicrous. It's the Internet of Trouble.

      On the other hand it can be quite helpful of done right. Computers are very good at monitoring things and doing consistently for long periods of time. I work with an organization that operates a camp in the wilderness. We've instrumented or walk in freezers and refrigerators so that they alarm and/or email us if the temperatures go out of whack (or the refrigeration units fail), we've put in flood detection systems in the basements of buildings that aren't used in the winter, freeze detection in sensitive places and so forth.

      Basically the systems are doing what our staff could do, but often gets neglected. Computers are very good at this.

      That said, none of these systems have access to the outside world and are deliberately segregated onto their own overlay network.

      --
      ...si hoc legere nimium eruditionis habes...
    8. Re:IoT obsession! by Applehu+Akbar · · Score: 1

      I run a houseful of IoT sensors The app will bing a notification on my phone if something leaks or catches fire. All of the information flows one way, though. I'm not currently using the system to control anything.

    9. Re:IoT obsession! by ShanghaiBill · · Score: 0

      I'm in IT for 35 years now and I can't agree more!

      So one geezer agreed with another that new fangled stuff is unnecessary, and we should go back to the good ole' days of floppies and dot-matrix printers.

      Also, "being in IT" does not make you an expert on the convenience of the design of interfaces to household appliances. If anything, it should disqualify you.

    10. Re:IoT obsession! by Anonymous Coward · · Score: 0

      i like to use wingdings when programing. Unless it is web design, then i use webdings. YMMV

    11. Re:IoT obsession! by Anonymous Coward · · Score: 0

      Not that you likely care, but I skip such posts. They are unpleasant to the eye.

    12. Re:IoT obsession! by grumpy_old_grandpa · · Score: 1

      > I don't get why more /.'s are not making their own.

      I'd guess it's because most "IT people" really aren't that much into technology.

      Forget about hobby electronics. Most software engineers I've worked with use the pre-installed OS on their pre-built computer. Maybe they'll change the desktop background.

    13. Re:IoT obsession! by sad_ · · Score: 1

      and we know that, no matter how we try, there will always be security holes. why would you want to take any risks in that?
      and let's not go down the path of software going obsolete, why wants to replace his fridge, tv, bath, lights, ... each time the app is no longer supported and stops working or the protocol is no longer supported, etc. etc.
      also everything is easy to understand now, put some connected systems in the mix and enjoy troubleshooting why your light wont turn on when the fridge detects you're running low on milk.

      --
      On a long enough timeline, the survival rate for everyone drops to zero.
  14. Do these things have a built-in camara by fredrated · · Score: 1

    we can hack?

    1. Re:Do these things have a built-in camara by Anonymous Coward · · Score: 0

      It'll be like gay men farting in a hot tub... you never know what will come up.

  15. Cringeworthy headline - won't read. by Anonymous Coward · · Score: 0

    I assume someone hacked a hot tub. Hackable stuff is hackable. It would have been news if it was secure.

  16. Re: Thank you again, Donald Jay TRUMP! by Anonymous Coward · · Score: 0

    I saw a desk that moved from sitting to standing using a phone app. I didn't see the point. Now I do the point is someone can hack your desk and make it go up and down while laughing at you.

  17. so are there smart dildos by Anonymous Coward · · Score: 0

    imagine the meyhem LOL

    1. Re:so are there smart dildos by Ol+Olsoc · · Score: 1

      imagine the meyhem LOL

      Ask and ye shall receive! http://www.therabbitvibrator.c...

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  18. to go back in time by Joe_Dragon · · Score: 1

    just don't put the date in the temp field

  19. Simple Solution by spaceman375 · · Score: 1

    The only problem I see with all these IoT devices is that they insist on internet access. If it isn't online, it can't be remotely hacked. You don't need security updates if it isn't able to reach, or be reached by, the internet. Oh, you want to run it remotely yourself, say from work or while on vacation? Fine. ever hear of a VPN? I have lights, plugs, and various other devices that I firewalled off from anywhere but my local net. I can control any of them from anywhere I have internet access, just by first joining my personal, private, as secured as I can make it, VPN. Suddenly my phone or laptop are local, and I can reach my devices just fine. One attack surface, not dozens. Yes, "smart" speakers need access to work, fine, they can have it. But a hot tub? My lights? A simple plug? If it won't work without sending my usage and god knows what else back to the manufacturer, I won't buy it.
    BTW, TP-Link seems to be able to be local only without a problem. Very little else out there can make that claim, but I'd very much welcome more info on that, be it other brands that can be local only, or any caveat with the TP-Link brand.

    --
    On the one hand you take life too seriously, and on the other, you do not take playful existence seriously enough. Seth
  20. Good. by bjwest · · Score: 1

    If you're stupid enough to buy a hot tub and connect it to the internet, you deserve to be boiled alive. WHY IN THE FUCK would anyone need this kind of shit?!?

    --

    --- Keep the choice with the user..
  21. Wtf by Anonymous Coward · · Score: 0

    Why the fuck is your hot tub connected to the internet?

  22. And the reason your hot tub's 'Net-connected is? by whitroth · · Score: 1

    You're going to get into it. You walk out, and turn it up that morning.

    But you really, really want some 16-yr-old idiot who thinks he's k3wl to turn it off, or turn it to parboil, right?

    As the lady wrote, the IGCIT (pronounced id-jit), the Internet of Gratuitously Connected Insecure Things.

  23. Comment removed by account_deleted · · Score: 0

    Comment removed based on user account deletion