The Internet of Things (IoT) can help run almost any device in use in your organization, but this also means you could be hacked by a fish tank.
This may sound highly unlikely, but this is exactly what happened to a North American casino and underlines just how vulnerable IoT devices are. It also demonstrates how every single IoT device, no matter how insignificant and harmless it may appear, is at risk. Hackers, after all, do not discriminate – if there’s a way to gain access to a network then they’ll exploit it.
As this is one of the more unusual attacks to have affected an IoT device, I’m going to take a closer look at it before advising you on a few tips to avoid getting hacked by a fish tank.
Hacking the Tank
The fish tank – which was situated in the unnamed hotel – had been installed with state of the art sensors which monitored and regulated factors such as water temperature, saline levels and release of food. Making devices such as these sensors compatible with IoT technology allows the tank to be controlled remotely, but this accessibility also opens up such IoT devices to the interests of hackers. Although the hotel had security measures in place, they were evidently not secure enough.
Many IoT devices lack advanced, internal security technology so any external security measures need to be as advanced as possible to pick up the slack. In this particular case, the fish tank’s sensors were hacked which allowed the hackers to transmit 10GB worth of data to a remote server based in Finland. The casino’s existing security tools were able to identify that data was leaking externally, but were unable to identify where from and where it was being transmitted to.
Thankfully, security experts Darktrace were able to pinpoint where the vulnerability was and were able to advise the casino to disconnect the fish tank sensors immediately. 10GB worth of data may not sound like a huge amount of data in this day and age, but when you consider the amount of personal and financial details a casino may hold, 10GB could cause a lot of concern for any patrons of the casino.
Securing IoT Devices
Being hacked through a fish tank is a highly embarrassing security flaw for any organization, so understanding how to secure IoT devices is paramount. Make sure you’re implementing the following security measures with IoT devices:
- Change Default Passwords – Many IoT devices come preloaded with a default password and, by leaving this in place, you’re reducing the number of guesses and effort that a hacker needs to put into brute-force hacking the password. It’s estimated that around 15% of IoT device owners do not change this default password, so make sure you change this as soon as the device is installed.
- Install Firmware – As I’ve previously mentioned, the security technology loaded onto IoT devices is sometimes sadly lacking. However, even worse than poor security software is outdated security software. And that’s why it’s crucial that any firmware updates are installed immediately to patch any potential vulnerabilities.
- Separate Networks – The number of IoT devices operating in any one organization can easily run into the hundreds. Essentially, this means that there are hundreds of routes into your network and this could cause real chaos if just one device is breached. Therefore, penning off IoT devices into separate networks is a preventative step which can limit the reach of any hackers.
For more ways to secure and optimize your business technology, contact your local IT professionals.