Ever heard about the story of the breach that occurred at a casino through a fish tank? In 2017 it was reported that hackers gained access into a well-protected network used by the casino through an Internet of Things (IoT) device used to monitor the fish tank. According to Justin Fier, a director for cyber intelligence and analysis at Darktrace, “Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network (WP).” The breach was so stealthy that even the fish didn’t detect it. Due to security reasons the name of the casino and reports about the breach were not disclosed. Incidents like this illustrate how vulnerabilities of IoT devices often get overlooked and can lead to big problems.
In 2017 the F.B.I. sent a warning to parents about the dangers of allowing children to play with internet-connected toys. Smart toys armed with a combination of cameras, sensors, microphones, voice recognition, and GPS give hackers access to spy on children. According to the F.B.I., “These features could put the privacy and safety of children at risk due to the large amount of personal information that may be unwittingly disclosed” (NBC). They urged parents of these toys to proceed with caution. “That means finding out a company’s privacy practice and know where any data collected by a smart toy is sent and stored, including whether the company uses third-party services. The F.B.I. also recommends keeping tabs on your child’s interactions with their toy via an accompanying parent app, if available” (NBC).
While Internet of Things, IoT, devices gained popularity more than a decade ago, they’re still one of the most overlooked vulnerabilities in a secure network system. People generally have a “plug and play” attitude when it comes to setting up these devices since they seem harmless. Items such as baby monitors, thermostats, smartwatches, home security systems, doorbell cameras, and home monitoring cameras can all pose a risk to security breaches or worse. The threat to IoT is so evasive that the Open Web Application Security Project (OWASP) has developed its own top 10 project. The first vulnerability listed is “Weak, Guessable, or Hardcoded Passwords.” Adhering to this first vulnerability is a major step to increases security.
In today’s golden age of convenience and innovation where consumers can control thermostats and monitor fish tanks through simplified phone applications, it is urgent to take precautions securing IoT devices. According to McAfee this can be done by setting strong unique passwords for each device, adding multi-factor authentication, securing your internet router, upgrading to newer routers as updates are needed, keeping apps up to date, and setting up a guest network specifically for your IoT devices (McAfee). By adhering to standards and practices of cybersecurity for IoT, you can be better prepared for cyber-attacks.
Sources
Schiffer, Alex. “How a Fish Tank Helped Hack a Casino.” Washington Post. 21 July 2017.
https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino
Newcomb, Alyssa. “FBI Warns of Privacy Risks With Internet-Connected Toys.” NBC News. 18 July 2017
“OWASP Internet of Things Project.” OWASP.
https://owasp.org/www-pdf-archive/OWASP-IoT-Top-10-2018-final.pdf
“Make Your Smart Home a Secure Home Too: Securing Your IoT Smart Home Devices.” McAfee. 25 May 2023