In an anecdote that illustrates how our increasing reliance on the Internet of Things (IoT) has compromised the security of confidential information, a cybersecurity executive revealed how a high-roller database of gamblers was accessed by hackers — through a thermometer in an aquarium in the lobby of the casino.
According to Business Insider, Darktrace CEO Nicole Eagan told attendees at an event in London how cybercriminals exploited a vulnerability in a connected thermostat in the unnamed casino. “The attackers used that to get a foothold in the network,” she explained. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”
With so many connected devices in our houses, we rarely consider the security flaws that might be present in each individual unit. “There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices,” said Eagan. “There’s just a lot of IoT. It expands the attack surface and most of this isn’t covered by traditional defenses.”
Israeli researchers recently tested some off-the-shelf smart home devices and found that they were able to access most of them by simply using default factory passwords. Some phone applications designed to monitor household appliances have likewise been found to contain serious security flaws. Your robot vacuum could even be giving hackers a guided tour of your home using their on-board cameras.
The former head of the British government’s digital spying agency, Robert Hannigan, said governmental oversight is probably needed. “It’s probably one area where there’ll likely need to be regulation for minimum security standards because the market isn’t going to correct itself,” he said. “The problem is these devices still work. The fish tank or the CCTV camera still work.”
It’s probably safe to say you won’t be attacked by your robot lawnmower any time soon, but the proliferation of cheap unregulated IoT gizmos means cybersecurity firms are responding to new threats every week. “With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that’s going to be an increasing problem,” Hannigan said. “I saw a bank that had been hacked through its CCTV cameras because these devices are bought purely on cost.”