{"id":22248,"date":"2018-04-28T10:24:45","date_gmt":"2018-04-28T14:24:45","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=22248"},"modified":"2019-11-15T06:37:36","modified_gmt":"2019-11-15T11:37:36","slug":"leaking-fish-tank","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/leaking-fish-tank\/22248\/","title":{"rendered":"Leaking fish tank"},"content":{"rendered":"

When it comes to the Internet of Things, security still lags behind ingenuity. Among its connected devices are a fair few unknowns. And practice shows that IoT threats have a nasty habit of catching<\/a> users with their pants down, so to speak. Our agenda today features another seemingly harmless contraption.<\/p>\n

<\/strong><\/p>\n

High-tech interior<\/h2>\n

<\/p>\n

A short while back, a US casino installed a \u201csmart\u201d fish tank in the lobby. The fish feeding schedule, plus salt and temperature levels, were regulated automatically. The thermostat could warn the owner online if the water got too hot or cold.<\/p>\n

The device was hidden behind a VPN<\/a>, clearly to shield it from intruders. But that proved insufficient \u2014 the seemingly innocuous thermostat provided a backdoor to other nodes in the local network.<\/p>\n

<\/strong><\/p>\n

I spy<\/h3>\n

<\/p>\n

It transpired that the double-dealing fish tank had sent 10GB of data to somewhere in Norway. Internet security staff struggled to work out what information had fallen into the hands of the faceless hackers. The answer was the casino\u2019s database of high rollers. Open sources do not specify what precise information it contained, but whether it\u2019s just names or, more seriously, contact information and even credit-card numbers, the reputational damage is incalculable. The name of the casino was not publicized, but it was obliged to report the incident to victims of the leak.<\/p>\n

<\/strong><\/p>\n

Forewarned is forearmed<\/h3>\n

<\/p>\n

Companies that don\u2019t want to risk their clients, like this unnamed casino, are advised to keep these rules in mind:<\/p>\n