SoylentNews is people
SoylentNews
In further proof that security's only as strong as the weakest link, an Internet-connected fish tank has been used to gain access to a casino's internal network. While exact details have not been published, it has been claimed that 10 GB of data were sent outside the network. As more things become Internet-connected, it's likely these stories will become even more common.
Hackers are constantly looking for new ways to access people's data. Most recently, the way was as simple as a fish tank.
The hackers attempted to acquire data from a North American casino by using an Internet-connected fish tank, according to a report released Thursday by cybersecurity firm Darktrace.
The fish tank had sensors connected to a PC that regulated the temperature, food and cleanliness of the tank.
"Somebody got into the fish tank and used it to move around into other areas (of the network) and sent out data," said Justin Fier, Darktrace's director of cyber intelligence.
The casino's name and the type of data stolen were not disclosed in the report for security reasons, Darktrace said. The report said 10 GB of data were sent out to a device in Finland.
"This one is the most entertaining and clever thinking by hackers I've seen," said Hemu Nigam, a former federal prosecutor for computer crimes and current chief executive of SSP Blue, a cybersecurity company.
(Score: 0) by Anonymous Coward on Wednesday August 16 2017, @06:19PM (1 child)
Since there is no way we'll ever get IoT manufacturers to suddenly all be security conscious it would be better to develop methods of quarantine. So, how do we prevent a compromised device from hacking your network?
(Score: 2) by MrGuy on Wednesday August 16 2017, @09:32PM
Don't put it on there. Problem solved.
Seriously. Have a completely separate network for IoT devices. Have it run on its own routers, have its own firewall (which should never permit inbound connections), and its on completely separate pipe to the outside world (if required) than anything else you run. Do not let non-IoT devices connect to the IoT dedicated network. Do not allow IoT devices access to any other network. It you need a computer to monitor your IoT devices, have a dedicated machine that connects to the IoT network to do so.
In other words, always consider every piece of IoT gear untrusted. Do not expect this to change. Never let it on the trusted network. Give it its own network so that the only thing it can damage is other IoT gear.
If you absolutely have to bridge the IoT network to your "trusted" network (example - a hotel with IoT locks that need to be told which keys to recognize by the non-IoT central reservations system), then have a dedicated, locked-down piece of hardware that can only accept very specific requests, and is the only bridge between the networks (e.g., all requests from the CRS to the locks have to pass through the "lock gateway" that only knows how to talk to the locks (and will only accept certain specific types of communication FROM the locks).