A Casino’s Database Was Hacked Through A Smart Fish Tank Thermometer
A casino’s high-roller database was allegedly accessed via a security flaw in a fish tank.
A cybersecurity executive has revealed that hackers used an Internet of Things (IoT) connected fish tank thermostat to gain access to a casino’s high-roller database. Darktrace CEO Nicole Eagan told the story to an audience in London last week.
“The attackers used that to get a foothold in the network,” she explained. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.” The incident raises awareness about the security of IoT objects.
IoT devices vulnerable
“There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices,” said Eagan. “There’s just a lot of IoT. It expands the attack surface and most of this isn’t covered by traditional defenses.”
Some of these flaws have been highlighted by Israeli researchers who found that many off-the-shelf home devices were able to be remotely accessed by default factory passwords. Other incidents of security flaws include smartphone applications that are used to monitor household applications.