Posted on April 16, 2018 at 4:46 PM
A high-stakes casino’s customer database was downloaded through the smart thermometer of the lobby’s fish tank.
Countless Internet of Things devices are released each year, and their usage is becoming more and more widespread. They can make our lives more streamlined as they execute menial tasks, allowing us to focus on more important aspects of our lives. However, they can also provide an uncanny backdoor to our sensitive data. A casino was made painfully aware of this vulnerability when hackers used a smart thermometer to steal the database of gamblers.
Nicole Eagen, the CEO of cyber defense company Darktrace, expressed concerned about how the increasing number of IoT devices can be used to compromise our security. Everything from a robot vacuum, through an air conditioning system, to a CCTV camera can be used as a backdoor by hackers to gain sensitive data. Eagen also added that a lot of these devices do not have a basic security system that could prevent many attacks from taking place.
Fishing for information
During the Wall Street Journal CEO convention in London, Nicole Eagen revealed an unlikely candidate for a security breach: a thermometer.
The device in question resided in the fish tank of an unnamed casino lobby. The hackers took advantage of the device to gain a footing in the casino’s internal network. They were then able to look around in it, and they inevitably found the database of high-rollers. They proceeded to download the data to the fishtank, and upload it to the internet, where they had free access to it. Darkstride worked with the casine to fix this particular vulnerability.
Increased number of risks
Threat researchers in Israel also inspected smart home devices that were not made to order. They easily gained access to those that still had not changed the password provided by the manufacturer. The smartphone applications for household electronics also had security vulnerabilities. For example, footage of the home could easily be gained through the camera of a robot vacuum cleaner, which is the modern equivalent of staking out a house before a burglary.
Also appearing on the panel was Robert Hannigan, who headed the British government’s digital spying agency from 2014 to 2017. Hannigan recalled a further story where a bank’s security was breached through it’s CCTV camera, adding that this was possible because it was bought solely on cost. Hannigan called for a minimum security standard for these devices, which would need to be regulated by governments, as he does not believe that the market will remedy the situation.