A cybersecurity executive said that hackers used a fish tank which was connected to the Internet of Things (IoT) to get access to a casino’s high-roller database. Nicole Eagan, CEO of Darktrace, told in an interview, “The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.” This incident has raised many questions about the security protocols of IoT objects. Eagan further said, “There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices. There’s just a lot of IoT. It expands the attack surface and most of this isn’t covered by traditional defenses.”
Many of these flaws were highlighted by Israeli researchers who found that many devices were able to be remotely accessed by using the default factory passwords. Many other incidents of security flaws were also noted which include smartphone applications that are used to monitor household applications. It was also reported that hackers were able to access the camera on robot vacuum cleaners and used it to take a tour of the interior of the house. Robert Hannigan, the head of the British government’s digital spying agency said that the sheer scale of IoT connected devices is actually the part of the problem. He said, “With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that’s going to be an increasing problem. I saw a bank that had been hacked through its CCTV cameras because these devices are bought purely on cost.”
He suggested that there should be some government regulation around the industry. Hannigan said, “It’s probably one area where there’ll likely need to be regulation for minimum security standards because the market isn’t going to correct itself. The problem is these devices still work. The fish tank or the CCTV camera still work.” A video posted last year by a woman showed a hacker speaking to her using her private webcam. The Dutch woman noticed that her webcam began to move on its own after she installed it. She took the camera down but when she put it back on, the camera started moving again and a male voice started asking her questions. The hacker asked her if she speaks French. When she told him that she only speaks English, the man mocked her accent and said, “Hola Senorita”.
The woman told the hacker to leave her house after which the man verbally abused her. The woman shared the video of the incident on her Facebook and said, “I walked into the living room and I saw my camera move. The camera went back and forth. I had no idea what he was doing. Was it updating? All of a sudden, I heard a rumble. The camera turned my way, and I heard, ‘bonjour madame’. I moved to the left and right, and the camera came with me.” After the incident, the manufacturer of the camera issued a statement and advised all customers to use a strong password and change the default ID and password.