How a thermostat in the lobby fish tank let hackers steal a casino's high-roller database

How a thermostat in the lobby fish tank let hackers steal a casino's high-roller database

'Smart' aquarium gadget gave hackers access to the wider network

Hacking a casino high-roller database through the thermostat in a fish tank sounds like the plot of an Ocean's Eleven reboot. But according to the boss of a leading cybersecurity company, it really happened.

In yet another example of how businesses are failing to protect themselves against hacking through seemingly innocent internet of things (IoT) devices, it has been revealed how an unnamed casino had its database of high-rollers stolen through an internet-connected thermostat.

The offending piece of supposedly smart tech was used to regulate the water temperature of an aquarium installed in the lobby. But its internet connection - the very connection casino staff probably considered useful when installing the device - left the establishment's servers exposed.

Speaking at the WSJ CEO Council in London last week, Nicole Eagan, chief executive of cybersecurity company Darktrace, said: "The attackers used [the connected thermostat] to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud."

The problem here is obvious, and so is the solution; 'smart' devices like this thermostat need to meet the same security standards as a smartphone or laptop, and must be treated as such by their owners.

Yet, time and again, we hear reports of 'smart' devices being hacked. Brand new cars are stolen in seconds, a home's speakers are hacked to play voices (and Rick Astley) to their owners, face recognition systems are compromised, and internet-connected door locks are left open to attack.

Arbor Networks, a security software company, claims there were 27 billion devices connected to the internet in 2017, and that by 2030 there will be 125 billion, many of which being IoT products.

For the rest of the article, see here 

Click here to chat with us