The Internet of Things (IoT) has been on the horizon for years — in some ways, decades even. From fictional depictions as far back as the Jetsons to the promise of a smart home with intuitive tech that not only responds to your every command but can anticipate all your needs, it’s been a tantalizing frontier in consumer electronics for quite some time. But as is true with most every new, great advance in tech, with the convenience comes hidden risks, and IoT as a technology has proven to be one of the more vulnerable penetration points in secure networks for individuals and businesses alike.
Don’t believe me? Hackers once broke into a casino and stole the ‘high rollers’ database… through an IoT thermostat
As natural language processing (think Alexa, Siri, Google Home, etc.) has improved by leaps and bounds, so too has the promise of a real smart home (or smart business, as it were). Wireless networks got better and better, enabling everything to connect to one another. The Internet went everywhere and then became mobile, meaning all these devices could not only talk to one another, but use cloud computing resources and neural networks to learn, adapt and improve what they provided.
You could go green by programming networks to turn energy on or off based on usage patterns/presence. The possibilities were seemingly endless. But even though we as consumers thought of these things as simply smart devices connected to one another, hackers saw them as something different — independent and isolated vulnerabilities to be exploited. And because most people initially didn’t protect against intrusion as diligently as we would with computers or phones, hackers were able to gain access in new and frightening ways. My favorite anecdote involves a casino, a thermostat and an aquarium.
Darktrace is a cybersecurity firm specializing in cyber A.I. Earlier this year, its CEO Nicole Eagan relayed her favorite anecdote (reported in Business Insider): “There’s just a lot of IoT. It expands the attack surface, and most of this isn’t covered by traditional defenses,” the CEO said.
The casino was hacked via a thermometer in an aquarium in the lobby. “The attackers used that to get a foothold in the network,” she said. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.”
Because the aquarium thermometer was attached to the same networked backbone as the rest of their system, it provided another access point the casino wasn’t watching as closely as it should have. And if hackers can breach a casino’s firewall through something that obscure, imagine what hackers could gain access to through Alexa, or your appliances?
The bottom line
We’re not all doom and gloom when it comes to IoT. There’s some truly awesome stuff happening out there and we want consumers and businesses to reap the rewards IoT can promise. But at the same time, we have to caution people to think of every Internet-enabled device as a possible access point to your network and your files. You must, must, must protect and defend each and every IoT access point as much as you would your phone or laptop. If casinos aren’t invulnerable, you certainly aren’t either.
And if you need help figuring out how to ensure that? Drop us a line — it’s exactly what we’re here for.