Source - Having a whole bunch of smart objects like lights, appliances, and thermometers can make life a little more convenient for businesses, but buying into the internet of things can also make those same businesses more vulnerable to hackers.
Nicole Eagan, CEO of cybersecurity company Darktrace, revealed Thursday that a casino fell victim to hackers thanks to a smart thermometer it was using to monitor the water of an aquarium they had installed in the lobby, Business Insider reported. The hackers managed to find and steal information from the casino’s high-roller database through the thermometer.
“The attackers used that to get a foothold in the network,” Eagan said at a Wall Street Journal panel. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”
That database may have included information about some of the unnamed casino’s biggest spenders along with other private details, and hackers got a hold of it thanks to the internet of things.
First of all, thoughts and prayers to the anonymous high rollers who may or may not have been effected by the breach. Losing the money you planned to lose before you were ready to lose it must be an unpleasant experience.
Anyway, ever since news of the Facebook data breach broke I’ve been reading up on cyber security and it’s absolutely fascinating. If I were to summarize everything I’ve learned in one sentence it would be, “We’re screwed.” Think about all the information that’s stored on your iPhone: bank info, browsing history, passwords, pictures, texts, emails, social media. It feels like it’s secure because we use our thumbprint to log into our accounts but it’s not. At least not as secure as we thought.
“There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC systems, to people who bring in their Alexa devices into the offices,” she said. “There’s just a lot of IoT. It expands the attack surface, and most of this isn’t covered by traditional defenses.” Because these devices tend to be very basic, they often don’t include added security features outside of the common WPA2 Wi-Fi protocol, which by itself isn’t a great line of defense.
The more connected we are the more vulnerable we are. Take Alexa and Google Home for example. While they technically don’t record until you say their ‘wake word’, their microphones are always on. In other words, they’re always listening. Meaning if someone were to hack your Alexa, they could use its microphone to listen to your private conversations without you knowing. Spousal disagreements, confidential information- it could all be exposed. I know it sounds like a stretch, and it probably is, but these are real conversations that are being had in the cyber security community. Devices that were designed for personal use are being exploited by people with bad intentions.
Which brings me back to the Vegas story. These guys messed around with a fish tank thermometer and ended up in a high roller data base. Like I want to know step by step how they did it. You turn on the computer, open Safari, then what? How much planning goes into the hack? Were they in the casino when they did it? What exactly did they steal? WHO ARE THESE PEOPLE? I feel like they operate on a whole other level of intelligence. Like they read in numbers or something. I’m so curious about hackers that I think I want to become one. See if I can make a few extra bucks. So If anyone knows how to get into it shoot me a DM. Until then, I’ll stick to blogging.