Aquarium IoT Access Leads to Damaging Data Leak
So you go to bed at night, you lock the front door, you lock the back door, even lock the side door connecting the kitchen to the garage. You feel you are safe right? Then while you are asleep, a robber breaks in and steals you blind. But how? The doors are still locked. The windows are secure.
Did the robbers go in through the walls? Did they tunnel under the house and come up through the floor? Yes, so to speak. They came through an internet connected device. The recent theft of high rollers’ information from a casino isn’t far from the truth of that description.
Our increasing reliance on the Internet of Things (IoT) has compromised the security of confidential information, a cybersecurity executive said in an interview with “Business Insider.” Hackers accessed a database of high-roller gamblers in a way worthy of a Sherlock Holmes case—through a thermometer in a casino lobby aquarium.
Darktrace CEO Nicole Eagan in London told Business Insider that cybercriminals exploited a vulnerability in a connected thermostat in the unnamed casino. “The attackers used that to get a foothold in the network,” she explained. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”
With so many connected devices in our houses, most people rarely consider the security flaws that might be present in each unit. IoT access to data in a home could range from thermostats, refrigeration systems and HVAC [air conditioning] systems to personal assistant devices that outsiders bring into the home.
Israeli researchers recently tested some off-the-shelf smart home devices and found they were able to access most of them by simply using default factory passwords. Some phone applications designed to monitor household appliances have likewise been found to contain serious security flaws. A robot vacuum could give hackers a guided tour of your home using its onboard camera.
Machines and appliances may be “smart,” but crooks are even smarter. Robert Hannigan, formerly with British Intelligence, says government need to regulate these devices to protect consumers:
“It’s probably one area where there’ll likely need to be regulation for minimum security standards because the market isn’t going to correct itself,” he said. “The problem is these devices still work. The fish tank or the CCTV camera still work.”
Consumers shouldn’t delay in reviewing access to their internet connected devices to prevent a digital breaking and entering.