Like most people, I have visited a casino now and then. If you go to Vegas, it is basically impossible to make it to most hotel rooms without going through one in fact. What always amazed me when I was there was how much expense went into these buildings…..canals, huge water fountains and incredible ceiling art are just some of the ways that casino owners try to entice you to spend money. I would bet, however, that they did not think one of these fixtures would potentially jeopardize the integrity of their data systems.
I am referring to a story in the Washington Post where creative thieves were able to use the IoT system that controlled most aspects of a fish tank to enter into some key systems at the casino. Now, I have no idea what data they may or may not have accessed, but the sheer idea of it boggles my mind…..why was there even a link available between the tank’s IoT system and a key data system?
Stories like this are both good and bad for the IoT industry. The bad side of it is that it can potentially scare away customers who may not believe that their data is immune to hackers and may delay/defer from deploying an IoT solution. However, it is also good to have people be reminded that some simple steps are often all that is needed to prevent such a crime.
Most of the known attacks in the world of IoT tend to have been centered around things as simple as users failing to implement a password or if they did, they simply used the default username/password that is common to all of these devices. As well, using an edge device that has some intelligence (such as the ability to filter which users/IP addresses can even make changes) will also go a long way to preventing such an attack. Finally, using a security service (such as the shameless plug I am doing for our SecureIoT™ offering) will help to minimize the impact of some future attacks.
The Bottom Line
No system is ever fully immune from an attack. An organization can put in the most advanced system available, but can be attacked by ways such as an employee leaving an unlocked screen to use the facilities or a phishing attack. Companies need to be diligent and this starts by simply doing the basics. If I had to guess, I would suspect that it was something as simple as not changing a password that allowed this attack…..If you take proper precautions, your IoT deployment will go smoothly and your data will be safe.