How Safe Is Your Fish Tank?

What on earth is this one about, I hear you ask? The Internet Of Things, that’s what; those millions of things that connect to the internet, like your home central heating, your toaster, webcams, children’s toys and yes, even fish tanks, allowing them to send you messages and alerts, or to be controlled and managed from your smartphone.

“Hackers are a resourceful bunch, and they’ll look for any weakness that can be exploited to break in to a computer network. Once they’re IN, they’ll use any available method to get the data they discover OUT.”

Forbes, July 27, 2017

There is a story from a couple of years back about a casino in Vegas that was hacked using this rather unique exploit. The casino had recently installed a new remote monitoring system for their fish tanks which allowed the temperature, salinity and food to all be controlled automatically. Because the system had to be connected to the internet to do that, it was a ripe target for attack, and it was promptly hacked.

The problem was not that the attackers might use the exploit to feed the fish too much food, but that the device was not isolated from the rest of the casino network. Using it as a doorway, the attackers stole 10GB of data from the casino’s computer systems, sending it offsite in a way that made it look like media streaming.

The story highlights the dangers of allowing weak and insecure devices onto an otherwise secure network.
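The two failures in that story, a device that could reach the rest of the network and a large upload nobody questioned, are both visible in flow logs. The following is an added example, not part of the original article; the IoT subnet, the approved vendor address, the upload budget and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Hypothetical policy: where IoT devices live, what counts as internal,
# which external host each device may reach, and a daily upload budget.
IOT_NET = ipaddress.ip_network("10.20.0.0/24")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_DST = {"10.20.0.15": {"203.0.113.10"}}
DAILY_BUDGET_BYTES = 50 * 1024**2

# Constructed flow records: source, destination, destination port, bytes sent.
FLOWS = [
    ("10.20.0.15", "203.0.113.10", 443, 2_000_000),       # telemetry to vendor
    ("10.20.0.15", "10.10.0.5", 445, 40_000),             # reaches the office LAN
    ("10.20.0.15", "198.51.100.77", 443, 6_000_000_000),  # large upload, unknown host
    ("10.20.0.15", "198.51.100.77", 443, 4_000_000_000),
    ("10.10.0.8", "198.51.100.77", 443, 9_000_000_000),   # not an IoT source: skipped
]

def review_flows(flows):
    """Return sorted (device, destination, reason) findings for IoT sources."""
    findings = set()
    sent = defaultdict(int)
    for src, dst, _port, nbytes in flows:
        if ipaddress.ip_address(src) not in IOT_NET:
            continue
        dst_ip = ipaddress.ip_address(dst)
        if dst_ip in IOT_NET:
            continue  # traffic inside the IoT segment is out of scope here
        if dst_ip in INTERNAL_NET:
            findings.add((src, dst, "crosses into internal network"))
        elif dst not in ALLOWED_DST.get(src, set()):
            findings.add((src, dst, "unapproved external destination"))
        sent[(src, dst)] += nbytes  # total upload per device and destination
    for (src, dst), total in sent.items():
        if total > DAILY_BUDGET_BYTES:
            findings.add((src, dst, f"sent {total / 1e9:.1f} GB, over budget"))
    return sorted(findings)

if __name__ == "__main__":
    for device, destination, reason in review_flows(FLOWS):
        print(f"{device} -> {destination}: {reason}")
```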

Devices like these usually have minimal, if any, security attached to them. Once you are in, you can then use them to leapfrog onto the things you really want to get to. This is called a ‘man in the middle’ attack, where you hack something to indirectly get to something else. (For fans of Mr Robot, this is exactly what the lead character did to bring down the secure backup facility. By placing a small device onto the network, he was able to take down the facility’s heating system and thus destroy all the backups stored inside.)

In 2015, Hacker News revealed that millions of devices, including home routers, were using the same encryption keys hard-wired into the devices themselves. If you get those keys, then you don’t just hack one device, you can get at hundreds of thousands of them.

“When [they] scanned the Internet … the researchers found that at least 230 crypto keys are actively being used by more than 4 Million IoT devices.

Moreover, the researchers recovered around 150 HTTPS server certificates are used by 3.2 Million devices, along with 80 SSH host keys that are used by at least 900,000 devices.”

Hacker News, November 27, 2015
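To check your own network for the same problem, collect the SSH host keys of your devices (for example with `ssh-keyscan`) and look for one key appearing on several hosts. The following is an added example, not code from the article or the researchers it cites; the scan output, addresses and key blobs are constructed placeholders.

```python
import base64
import hashlib
from collections import defaultdict

def _sample_blob(seed: bytes) -> str:
    """Build a placeholder key blob (constructed, not a real key)."""
    return base64.b64encode(seed * 8).decode()

# Constructed sample in ssh-keyscan format: "host keytype base64-blob".
SCAN_OUTPUT = "\n".join([
    "# 192.168.1.20:22 SSH-2.0-example",
    f"192.168.1.20 ssh-rsa {_sample_blob(b'camera-fw')}",
    f"192.168.1.21 ssh-rsa {_sample_blob(b'camera-fw')}",
    f"192.168.1.22 ssh-rsa {_sample_blob(b'camera-fw')}",
    f"192.168.1.30 ssh-rsa {_sample_blob(b'printer-1')}",
    f"192.168.1.5 ssh-ed25519 {_sample_blob(b'server-01')}",
    "192.168.1.40 ssh-rsa not*base64",
])

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_scan(text: str):
    """Yield (host, keytype, blob) per valid line; skip comments and junk."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or line.startswith("#"):
            continue
        host, keytype, b64 = parts
        try:
            yield host, keytype, base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # corrupted or truncated key material

def shared_host_keys(text: str) -> dict:
    """Map fingerprint -> sorted hosts, for keys seen on more than one host."""
    hosts_by_key = defaultdict(set)
    for host, _keytype, blob in parse_scan(text):
        hosts_by_key[fingerprint(blob)].add(host)
    return {fp: sorted(h) for fp, h in hosts_by_key.items() if len(h) > 1}

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SCAN_OUTPUT).items():
        print(f"{fp} is shared by {len(hosts)} devices: {', '.join(hosts)}")
```

Any fingerprint this reports means those devices cannot be told apart cryptographically; regenerate the host keys where the device allows it, and isolate the device where it does not.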

When we say to clients ‘you shouldn’t connect devices to your network without telling us’ we’re not trying to be difficult, we’re just aware that these things are vulnerable and that caution needs to be exercised.

IP Cameras have notoriously low levels of security. Network printers can be easily exploited, and often contain a password to your server and/or an email account for scanning. We always change the default passwords on these devices for this reason, though the push back we get sometimes from the print management company for doing so is hard to believe unless you genuinely don’t care about security.

If you’re not taking your printer security seriously, someone else might be.

Another good example is separating your phone system from your main network. VOIP phones are a great example of devices that communicate through the internet, and which as a result can be accessed and controlled from somewhere external – that’s how they ring when someone calls you!

It’s not particularly far-fetched that one of these phones, on your computer network, could be used to try to access your server.

Consider the payoff: an attacker trying to hack into one particular phone is very unlikely, but an attack using a common exploit on millions of phones is something else. Like phishing emails, no one is targeting you specifically. They’re just throwing enough out there in the knowledge that at least some of them are going to generate a response. Combine this with an automated use of lists of common passwords tried on every computer on that same network, plus perhaps some ports opened on your router for the service to work, and before long the attacker is going to be able to get something out of it.

The moral of the story? Be careful what you connect to your network.

The IoT has all sorts of good things going for it, but it also has the potential to bring you a lot more trouble than you bargained for. Security is only as good as the weakest link, and if you do want to connect insecure devices there are ways to do it that do not compromise all the good security you have by placing a back door right in the middle of it.  

Useful Links

Forbes: https://www.forbes.com/sites/leemathews/2017/07/27/criminals-hacked-a-fish-tank-to-steal-data-from-a-casino/

Hacker News: https://thehackernews.com/2015/11/iot-device-crypto-keys.html

Video: The Wolf, feat. Christian Slater. “If you’re not taking your printer security seriously, someone else might be”: https://www.youtube.com/watch?v=U3QXMMV-Srs
