Posted on 12/25/2020 7:23:35 PM PST by TigerLikesRoosterNew
---snip---
We have another great example that showcases how one innocent looking insecure IoT device connected to your network can cause security nightmares.
Nicole Eagan, the CEO of cybersecurity company Darktrace, told attendees at an event in London on Thursday how cybercriminals hacked an unnamed casino through its Internet-connected thermometer in an aquarium in the lobby of the casino.
According to what Eagan claimed, the hackers exploited a vulnerability in the thermostat to get a foothold in the network. Once there, they managed to access the high-roller database of gamblers and "then pulled it back across the network, out the thermostat, and up to the cloud."
Although Eagan did not disclose the identity of the casino, the incident she was sharing could be from last year, when Darktrace published a report [PDF] referencing a thermometer hack of this sort on an unnamed casino based in North America.
---snip---
(Excerpt) Read more at thehackernews.com ...
Hackers exploit casino's smart thermometer to steal database info
BY KELLEN BECK
APR 16, 2018
"The attackers used that to get a foothold in the network," Eagan said at a Wall Street Journal panel. "They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud."
Reminds me of the old fax days.
Judging by his hysterically tragic story, those lights apparently need a smart *owner*, as well.
:D
Every time I hear of the term “smart”...I think “stupid”.
2001: A Space Odyssey was the first warning for this stuff and then in 1977, there was this horrifying movie.
https://www.imdb.com/title/tt0075931/
Everything in this house relies upon me flicking a switch.
My house is happily stupid.
;)
There was a story a few days back that one of the Dominion machines was connected to the internet via a thermostat.
Thanks for posting, New. Go to a casino. Look at all the Chinese-themed machines. Don’t use your card. Notice the companies that make these “games”. Who are they partnered with?
CCP = CNP Comprehensive National Power includes Comprehensive Data Collection.
Kai-Fu Lee at edge.org likens the data collectors to “Chinese Gladiators”. Go figure.
https://www.learnchinesehistory.com/history-chinese-emperors/
https://www.edge.org/response-detail/23838
One of my neighbors has a DIL who is in CyberSecurity and she doesn’t have anything ‘smart’ in her home. This lady’s daughter’s office is like a real tight drum, security-wise.
We’re going to be hold-outs on any ‘smart’ TV or appliance.
I freaked out one day because we were discussing something and my damn IPad repeated something I had just said. I was 4 feet away from it and had not pressed the sound tab, or anything like it. My husband and I *both* damn near had strokes. It hasn’t done it since then.... so we have no clear idea what happened... it had never done anything like that in the years I have had the IPad... only that one time....
...still, it spooked us enough! We’d already made the decision never to have a ‘smart’ TV; this just reinforced that decision.
What I don’t understand is why people were shocked when their ‘smart’ homes locked them out. There have been movies made about bad guys doing that to homes and businesses!!!
Give me a key and lock any day of the week.
And a strong, reinforced door, as well! :)
Do you get it yet!?!
I’m with them. However, every phone or home computer or router can probably be hacked by those who know how. Paper and pen in my line of work is all I trust to keep things private.
So does the Mirage
Wouldn’t a VPN solve this problem?
Oh fer cod’s sake
Right out of the gate, you win the thread!
The link to the report is no longer available.
However, I dug up the relevant section of the report from somebody's blog(https://seedvc.blog/2017/08/01/hacking-the-fish-tank/). For some reason, there are spelling problems. Here it is:
Read #6:
Technological innovations keep businesses dynamic and profitable, their employees productive and creative, and their premises exciting and modern. A North American casino recently installed a high-tech fish tank as a new attraction, with advanced sensors that automatically regulate temperature, salinity, and feeding schedules.
To ensure these communications remained separate from the commercial network, the casino configured the tank to use an individual VPN to isolate the tank's data. However, as soon as Darktrace was installed, it identified anomalous data transfers from the fish tank to a rare external destination.
Anomalous activity detected:
Transfer of 10GB outside the network
No other company device had communicated with this external location
No other company device was sending a comparable amount of outbound data
Communications took place on a protocol normally associated with audio and video
The tank's communication patterns included sporadic communications with company devices, but that activity was in line with similarly configured IoT devices. The external data transfers, however, were deemed highly unusual by Darktrace’s AI algorithms.
The data was being transferred to a device in Finland where an attacker had managed to gain control over the tank. This was a clear case of data exfiltration, but far more subtle than typical attempts at data theft.
By targeting an unconventional device that had recently been introduced into the network, the attack managed to evade the casino's traditional security tools. Darktrace’s Enterprise Immune System detected the threat because the technology does not make assumptions about where threats will arise. It detected a subtle anomaly that indicated a much larger threat, and it aided the casino in remediating the vulnerability. The incident demonstrates the need to have complete visibility of every user and device – including internet-connected fish tanks.
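As an added illustration (not Darktrace's code and not part of the report or this thread), here is a toy version of the four indicators listed above, run over constructed flow records; the internal address prefix, the media-port list and the volume thresholds are assumptions.

```python
from collections import defaultdict

# Constructed flow records (not real casino data): (device, destination, dst_port, bytes_out)
FLOWS = [
    ("ws-01", "mail.example.net", 443, 120_000),
    ("ws-02", "mail.example.net", 443, 95_000),
    ("ws-03", "update.example.net", 443, 300_000),
    ("ws-01", "update.example.net", 443, 280_000),
    ("fishtank-iot", "10.0.5.20", 8883, 4_000),             # internal controller: expected for an IoT device
    ("fishtank-iot", "203.0.113.77", 554, 10_000_000_000),  # 10 GB to a host no other device contacts
]

INTERNAL_PREFIX = "10."           # assumed: private range used on site; such flows are skipped
MEDIA_PORTS = {554, 1935, 5004}   # assumed: ports of audio/video protocols (RTSP, RTMP, RTP)
BIG_TRANSFER = 1_000_000_000      # assumed: 1 GB absolute threshold for a single flow
VOLUME_RATIO = 10                 # assumed: flag a device sending 10x more than any peer

def find_exfil_candidates(flows, min_reasons=2):
    """Return {device: [reasons]} for devices matching at least min_reasons indicators."""
    dest_users = defaultdict(set)   # external destination -> devices that contacted it
    outbound = defaultdict(int)     # device -> total bytes sent outside the network
    external = []
    for dev, dst, port, nbytes in flows:
        if dst.startswith(INTERNAL_PREFIX):
            continue                # internal chatter is in line with the device's role
        dest_users[dst].add(dev)
        outbound[dev] += nbytes
        external.append((dev, dst, port, nbytes))

    reasons = defaultdict(list)
    for dev, dst, port, nbytes in external:
        if dest_users[dst] == {dev}:                       # rare external location
            reasons[dev].append(f"only device to contact {dst}")
        if nbytes >= BIG_TRANSFER:                         # large single transfer
            reasons[dev].append(f"{nbytes / 1e9:.1f} GB sent in one flow to {dst}")
        if port in MEDIA_PORTS:                            # protocol unusual for a sensor
            reasons[dev].append(f"port {port} is a media protocol port")
    for dev, total in outbound.items():                    # volume outlier among peers
        peers = [v for d, v in outbound.items() if d != dev]
        if peers and total > VOLUME_RATIO * max(peers):
            reasons[dev].append("outbound volume far above every other device")
    return {d: r for d, r in reasons.items() if len(r) >= min_reasons}

if __name__ == "__main__":
    for dev, why in find_exfil_candidates(FLOWS).items():
        print(dev, "->", "; ".join(why))
```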
I will never connect an appliance to the Interwebs.
Or one of those “smart speakers” that relay everything you say to the NSA.
Just the octopus.
“Clearly a fishing scam.”
One that people will be carping on for some time.