Internet of Things (IOT) devices like CCTV cameras, air-conditioning units and even smart thermometers are being targeted by hackers to compromise and thieve corporate data.
In a notable revelation on Thursday, Nicole Eagen, chief executive of cybersecurity firm Darktrace claimed that a casino fell victim to hackers who targeted a smart thermometer that was installed to monitor the water temperature of an aquarium installed in the casino’s lobby. The hackers located and stole the casino’s database of high-roller clients, by hacking the thermometer.
“The attackers used that to get a foothold in the network,” Eagan said at a Wall Street Journal panel. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud,” she added.
That database is particularly valuable, storing details including some of the casino’s biggest spenders alongside other private details.
The proliferation and advent of connected smart devices is seeing everyday citizens more vulnerable to cyber attacks, she told the panel, pointing to this particular example.
Typically, these devices tend to have basic security protocols with few safeguards beyond the commonly used WPA2 Wi-Fi protocol. The widespread usage of IoT devices and the lack of robust cybersecurity measures make them a common attack vector for cybercriminals.
“There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC systems, to people who bring in their Alexa devices into the offices,” she said, as cited by the Business Insider. “There’s just a lot of IoT. It expands the attack surface, and most of this isn’t covered by traditional defenses.”
Image credit: Pexels.