Monday, April 16, 2018

IoT: Hackers Broke Into a Casino’s High-Roller Database Through a Fish Tank In the Lobby

There is no reason, other than the vendor's data slurping desire and the gee-whiz factor for the client, to have a thermometer hooked up to the internet.
And yet the sensor, database-management, cloud computing and AI chip purveyors are pushing this stuff as hard as they can.
While you can understand how valuable the high-roller data is for folks with agendas ranging from marketing to blackmail, the real risk is going to appear with connected or smart cities collecting data on everyone and everything.
Who knew utopia was going to be so dystopian?

From Digital Trends:
In an anecdote that illustrates how our increasing reliance on the Internet of Things (IoT) has compromised the security of confidential information, a cybersecurity executive revealed how a high-roller database of gamblers was accessed by hackers — through a thermometer in an aquarium in the lobby of the casino.

According to Business Insider, Darktrace CEO Nicole Eagan told attendees at an event in London how cybercriminals exploited a vulnerability in a connected thermostat in the unnamed casino. “The attackers used that to get a foothold in the network,” she explained. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”
With so many connected devices in our houses, we rarely consider the security flaws that might be present in each individual unit. “There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices,” said Eagan. “There’s just a lot of IoT. It expands the attack surface and most of this isn’t covered by traditional defenses.”

Israeli researchers recently tested some off-the-shelf smart home devices and found that they were able to access most of them by simply using default factory passwords. Some phone applications designed to monitor household appliances have likewise been found to contain serious security flaws. Your robot vacuum could even be giving hackers a guided tour of your home using their on-board cameras.

The former head of the British government’s digital spying agency, Robert Hannigan, said governmental oversight is probably needed. “It’s probably one area where there’ll likely need to be regulation for minimum security standards because the market isn’t going to correct itself,” he said. “The problem is these devices still work. The fish tank or the CCTV camera still work.”...MORE, including video.