IoT devices are notorious for being potential privacy nightmares, and with a proliferation of such devices, they can also become vectors of cyber attacks. One such story was shared by Nicole Eagan, CEO of cybersecurity company Darktrace, about an unnamed casino was apparently hacked via a connected thermostat placed in an aquarium.
At the 2018 WSJ CEO Council that in London last week, she said, “The attackers used that (thermometer) to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud”.
“There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC systems, to people who bring in their Alexa devices into the offices. There’s just a lot of IoT. It expands the attack surface and most of this isn’t covered by traditional defenses”
Eagan’s account was backed up by Robert Hannigan, the former Director of British cyber-intelligence agency, GCHQ or the Government Communications Headquarters. He narrated a case of an unnamed bank being hacked because of the low-cost and unsecured CCTV system. Hannigan added that the vulnerabilities in IoT devices will become an increasing problem, given how the IoT sector is likely to add many millions of new devices every year.
As a way to mitigate threats from cyber-criminals, Hannigan suggested that governments should regulate the sector and mandate safety standards. According to him, “It’s probably one area where there’ll likely need to be regulation for minimum security standards because the market isn’t going to correct itself. The problem is these devices still work. The fish tank or the CCTV camera still work”.