The so-called Internet of Things (IoT) may be a daft way of saying “everything’s connected to the Internet these days,” but it’s increasingly being used to describe devices – from your smartwatch to your kettle – that “talk” to each other. Sounds good in practice, but as was demonstrated by a recent tale of mischief, hackers can also take advantage of the concept to engage in a bit of thievery.
As reported by Business Insider, not too long ago, a casino found that its database of high-rollers had been hacked. When they traced the hack, they found that it went through a thermometer in its lobby’s aquarium – an IoT device that was hooked up to the cloud.
Talking to the Wall Street Journal CEO Council Conference, Nicole Eagan, the CEO of cybersecurity firm Darktrace, told the crowd that this was just one example of many instances where unprotected devices had been compromised; from air conditioning systems to CCTV cameras, anything could potentially be accessed illicitly.
This tale was particularly memorable, though, as hackers had found a rather ingenious, idiosyncratic way to steal private information.
It’s far from an isolated tale, though. Target found that up to 40 million credit and debit cards had been hacked back in late-2013. The perpetrators managed to steal the log-in information of a subcontractor installing refrigeration, heating, and air conditioning units.
Thanks to the IoT and cost-cutting measures, the subcontractor had remote access to the overall system, which meant that the hackers managed to get their malware into Target’s registers. Between November 27 and December 15, they were harvesting live customer transaction data from stores nationwide.
This recent panel discussion stressed that, unlike more complex computers, WiFi-enabled devices like that thermometer rarely have the same type of security measures available. Mashable points out that many use the commonplace WPA2 security protocol, which isn’t particularly great.
“There's just a lot of IoT,” Eagen said. “It expands the attack surface, and most of this isn't covered by traditional defenses.”
It’s noted over on WIRED that, already, as of 2018, 35 percent of US manufacturers are using data from smart sensors like this thermometer in their businesses. Thanks to the IoT and their near-constant invisible chatter, this “ecosystem” of trinkets are not only boosting efficiency, but one white paper suggests that it’s already given rise to new types of data.
The convenience and increasingly cost-effectiveness of IoT devices means that, no matter what, they’ll become increasingly ubiquitous in the coming years. This little gambling-based anecdote, then, reminds us that we probably need to think more about the security implications sooner rather than later.
