According to a Darktrace, hackers stole a casino’s database through a fancy Internet of Things (IoT) fish tank. While the report doesn’t really share much technical detail, it does suggest the hacker found some hole in the cloud-connected thermometer the fish tank used. Watch the YouTube video below for more detail, and to hear what you should do to better protect your IoT devices.
Episode Runtime: 4:07
Direct YouTube Link: https://www.youtube.com/watch?v=06nH2wuthRQ
EPISODE REFERENCES:
- Hackers steal a casino database through a fish tank – Business Insider
- Darktrace’s 2017 Global Threat Report with the fish tank hack [PDF] – Darktrace.com
—Corey Nachreiner, CISSP (@SecAdept)
The use of a fish tank controller is a real possibility. Please look at the information at:
https://www.neptunesystems.com/
I own one of these. If you follow the installation instructions, the default logon is admin with password 1234. This creates a security whole. They use a site called Fusion for remote access. If you do not change passwords, etc, I can see and actually used mine to access a network.
I am still in favor of people using IoT devices following your advice of changing at least the default password.
Jim Fuller