A Fish Tank Was Almost the End of an Entire Casino

Internet-of-Things (IoT) connected devices have made our lives easier, safer, and more enjoyable but IoT devices aren’t just about taking ordinary tasks off your plate.

We can activate our air conditioners as we’re walking out the door from work, ready to end the day by stepping into a cooler home. We can turn our appliances on and off from our smartphones, meaning we could tell the oven to start preheating during our daily commute. Even purchasing a soft drink from the break room vending machine using a microchip reader or a credit card slot requires internet connectivity.

The medical applications alone have meant doctors can get real-time information on their cardiac patients, and diabetic patients don’t have to stick themselves repeatedly just to find out their blood sugar readings. The information in both of those cases can be sent over Wi-Fi to a smartphone’s screen.

Unfortunately, we’ve already learned that IoT devices are notoriously vulnerable to hacking. Some bizarre cases have already occurred in which hackers were able to infiltrate vending machines, smart light bulbs, DVRs, webcams, and more. Typically, hackers have used these vulnerabilities to commit specific types of attacks called DDoS attacks, which flood a website with useless repetitive traffic coming from thousands or even hundreds of thousands of unsecured IoT devices. That traffic from your hacked refrigerator shuts down the website or network. They’ve even used this form of attack to demand ransom from businesses in exchange for making it stop.

Sometimes, however, the vulnerability in your connected device can lead hackers to other parts of your network, including areas that contain sensitive information. While that has already been demonstrated on more than one occasion, a recent case just might put all the rest to shame.

Hackers attempted to break into a casino’s network by infiltrating its IoT-connected fish tank. The tank was connected via Wi-Fi to control the temperature, automatically feed the fish, and monitor the cleanliness of the tank. Researchers have already discovered that other areas of the network were accessed and that ten gigabytes of information were copied and sent to a server in Finland. To give you an idea of how large those files must be, 10GB is an entire monthly allotment from many internet services providers.

Cybersecurity experts agree that regulation is needed to close the flaws in IoT devices, but in the meantime, consumers have to be aware of the safety protocols involved in connecting different tools and appliances to the internet. Until they’re certain that they have the strictest possible control over their networks and their devices, they might think twice about buying the latest connected gadget.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.