Smart fish tank helped hackers infiltrate a casino
Internet-connected gadgets can be great, but they're not without their risks. We've seen warnings over poor IoT security from watchdogs and the government alike, and we've seen multiple instances where poor security has resulted in various data breaches. The latest example of this risk comes from a North American casino which was left exposed to hackers due to a smart fish tank. This fish tank, which was connected to the casino's network, served as an access point for hackers who then used it to find other network vulnerabilities.
The information comes from Darktrace, a security firm that recently spoke with CNN about the attempted hack. According to the firm's director for cyber intelligence, the hacker used the fish tank to gain access to the casino's network, and from there was able to move 'laterally to other places in the network' due to other vulnerabilities. The company detailed this and other atypical threats in a report it published today.
The hacker's access point — that is, the smart fish tank — wasn't something you'd ordinarily think of as a vulnerability; it was, after all, just set up to feed the fish automatically and monitor their environment. Its presence on the network, though, was enough to leave the casino open to attack, though fortunately it is said to have spotted the intrusion and stopped it before anything too serious happened.
Per Darktrace, some data was sent to an unspecified device in Finland by the hackers, though further details on that weren't provided. This issue serves to highlight the potential risks involved with so-called smart devices that are connected to the Internet, however. The most common example of this vulnerability are WiFi-connected security cameras that leave the video feed exposed.
Entire websites are dedicated to finding and posting these video feeds, and often times the camera's owner has no idea that their home or office camera is exposed to the entire Internet. Smart toys, however, have also become an increasing security risk, as we saw with the VTech data breach. Information provided through these connected gadgets have been, at times, stolen en masse via poorly-protected databases.