Hackers receive client list casino via a thermometer
Fine man, that Internet of Things. They will also find it at the casino that dropped the complete list of ‘high rollers’ – people who spend too much money in the casino and therefore receive special treatment – in the hands of hackers. The story, told byCEO of cybersecurity company Darktrace Nicole Eagan, is too bizarre for words.
Oh yes, actually it is not at all bizarre if you have followed the developments around the Internet of Things a little bit, because the common thread in all those stories is that the security against intruders in many of those smart and connected devices ] more than worthless .
Similarly, the thermometer that was installed in an aquarium in a casino. That kept the fish comfortable, but also proved to be an ideal entry for the hackers, who cracked the security of the device, entered the network and then had a relatively free play.
Once you are inside a network, the rest is not that difficult anymore, so the hackers found the list of high rollers and removed them from the network by the thermostat. How the casino finally found out is not clear, but it does show how easy you can overlook something that gives intruders access to your corporate network.
It can be as easy as that, because the experts agree that traditional cybersecurity can not properly cover all these possibilities. The problem is that very many of the kind of ‘smart’ or in any case connected devices have been in many places for a long time, and because they are simple they are not replaced quickly. They are not broken, so why would you?
Whether it’s a security camera, temperature systems such as air-conditioners or freezers or even an Amazon Echo that takes someone to the office, they are all potential entrances and it’s getting more and more difficult to shut them all up.
Minimum security standard
How do you solve it? A solution could be to maintain a minimum security standard that IoT devices must meet to be used. You can leave that to the market, but they do not do it, says ex-boss of the British GCHQ . He also saw banks being hacked because they had bought cheap (but poorly secured) security cameras. “As long as all these devices continue to work, no-one will see the problem, where regulation will probably be necessary.”
Perhaps a good idea, because who wants to admit that they are robbed because hackers have entered via the smart toothbrush? Just explain that.