Internet of Things Tip: Don’t Get Hacked Through Your Fish Tank

If you’re a network administrator, sysadmin, or security head, your job hinges on keeping your tech stack secure. And the Internet of Things (IoT) can make that goal a nightmare.

Case in point: an unknown hacker (or hackers) managed to steal a database of rich gamblers via an internet-enabled thermometer in an aquarium in a casino’s lobby. “The attackers used that to get a foothold in the network,” Nicole Eagan, the CEO of Darktrace, told an audience at the WSJ CEO Council Conference in London, according to Business Insider. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”

At that same conference, former GCHQ head Robert Hannigan claimed to have seen a bank “that had been hacked through its CCTV cameras, because these devices are bought purely on cost.”

As the Internet of Things becomes more prevalent, it’s more important than ever to ensure it’s locked down. The first step is awareness: too many sysadmins and security experts aren’t even aware of everything that’s actually on their network. That’s what makes a regular system audit so valuable.

Not every device under a company’s roof needs to be web-enabled, either. An aquarium thermostat with internet connectivity isn’t exactly a mission-critical device—and thanks to hacks such as the casino one, it’s also not something you can just connect to the network and walk away from. As the Internet of Things becomes more sophisticated and ubiquitous, ironically, it might compel administrators to become far pickier about what they allow onto their networks.

But most of all, any internet-enabled device on a network—no matter how small and inconsequential—needs to undergo a full evaluation and configuration. Set limited access, ensure passwords are strong (and unique), make sure all patches and upgrades are up-to-date—if you’re a tech pro, you know the drill when it comes to reducing attack surfaces. Totally impregnable security is an impossible dream, but you can take concrete steps to ensure that your company won’t be hacked through a so-dumb-it’s-hilarious vector like the lobby fish tank.
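To make the audit and limited-access advice concrete, here is a small check that compares a day of network flow summaries against a device inventory. It is an added example, not from the original article; every address, device name, and byte limit in it is constructed for illustration.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Constructed inventory: every address, name and limit here is hypothetical.
INVENTORY = {
    "10.0.5.20": {"name": "lobby-aquarium-sensor", "role": "iot",
                  "allowed_peers": {"203.0.113.10"}, "max_daily_egress": 50_000},
    "10.0.1.15": {"name": "customer-db", "role": "server"},
    "10.0.2.30": {"name": "front-desk-pc", "role": "workstation"},
}

# Constructed one-day flow summary: (source, destination, bytes sent).
FLOWS = [
    ("10.0.5.20", "203.0.113.10", 12_000),      # sensor -> vendor cloud, normal telemetry
    ("10.0.2.30", "10.0.1.15", 480_000),        # workstation -> database
    ("10.0.5.20", "10.0.1.15", 9_500),          # sensor -> database: outside its allowlist
    ("10.0.5.20", "203.0.113.10", 10_000_000),  # sensor -> cloud, far above its baseline
    ("10.0.5.77", "198.51.100.4", 2_000),       # internal address missing from inventory
]

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL

def audit(flows, inventory):
    """Return a sorted list of (finding, source, detail) tuples."""
    findings = set()
    egress = defaultdict(int)
    for src, dst, nbytes in flows:
        if not is_internal(src):
            continue
        device = inventory.get(src)
        if device is None:                      # on the network, not in the audit
            findings.add(("unknown-device", src, dst))
            continue
        if device["role"] != "iot":
            continue
        if dst not in device["allowed_peers"]:  # IoT device talking to anything else
            findings.add(("unexpected-peer", src, dst))
        if not is_internal(dst):
            egress[src] += nbytes               # total bytes leaving the network
    for src, total in egress.items():
        if total > inventory[src]["max_daily_egress"]:
            findings.add(("excess-egress", src, str(total)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(FLOWS, INVENTORY):
        print(*finding)
```

The volume check matters because a compromised device can send stolen data to the same cloud endpoint it normally reports to, which an allowlist alone would not flag.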

And if you’re interested in building Internet of Things devices that are far more secure and reliable than the current generation’s hardware, check out some stats about the segment’s growth and penetration over the next several years.

7 Responses to “Internet of Things Tip: Don’t Get Hacked Through Your Fish Tank”

    • That would be a good idea. You would still want high security even on the small device at work. Remember, they could still hack into those devices and cause havoc. For example, changing a thermostat to extremely hot or extremely cold.

    • Bergman

      That at least doubles the complexity of your network, and in an environment where IT’s budget is set by non-IT people, you might not be able to convince them of the necessity. Even if you do though, all it takes is one confused employee, not even acting maliciously, to connect a device to the wrong network, and suddenly your security evaporates.