A Casino Was Hacked Thanks To The Internet Of Broken Things & A Fish Tank Thermometer

from the somebody-might-want-to-get-on-this dept

For years we've documented how the internet of broken things industry and evangelists have contributed to a global privacy and security shitshow. The rush to connect everything from tea kettles to Barbie dolls to the internet without including even basic privacy or security standards has resulted in a massive security problem few seem interested in actually fixing. As a result we're not only less secure and more at risk for privacy violations, but these devices are now routinely contributing to some of the most devastating DDoS attacks history has ever seen.

A year or so ago Bruce Schneier penned what was probably the best explanation of why nothing in the IOT chain of dysfunction seems to improve:

"The market can't fix this because neither the buyer nor the seller cares. Think of all the CCTV cameras and DVRs used in the attack against Brian Krebs. The owners of those devices don't care. Their devices were cheap to buy, they still work, and they don't even know Brian. The sellers of those devices don't care: they're now selling newer and better models, and the original buyers only cared about price and features. There is no market solution because the insecurity is what economists call an externality: it's an effect of the purchasing decision that affects other people. Think of it kind of like invisible pollution."

Instead of fixing their products, vendors simply move on to marketing the next best thing. And consumers continue to gobble them up, creating millions of millions of new attack vectors into homes and businesses around the world annually. Obviously this "invisible pollution" continues to have a very real and visible impact. Case in point: Nicole Eagan, the CEO of cybersecurity firm Darktrace, says hackers are increasingly targeting unprotected IOT devices including air conditioners, toys, and surveillance cameras to get into corporate networks.

She noted how one bank that decided to skimp on security cameras actually wound up being hacked after those cameras were quickly compromised by attackers. Speaking at the WSJ CEO Council Conference, she also shared an anecdote about how one big casino client had their customers' financial histories stolen thanks to an internet-of-broken things aquarium thermostat:

"Eagan gave one memorable anecdote about a case Darktrace worked on in which a casino was hacked via a thermometer in an aquarium in the lobby. The attackers used that to get a foothold in the network," she said. "They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud."

It's understandable that people are wary of regulating this sector lest it stifle innovation or create unforeseen, additional problems. But it's pretty clear we're going to need a massive collaboration between the public, companies, and government if we want to avoid some potentially calamitous and fatal outcomes (especially if and when essential infrastructure is targeted). That's why what the open source IOT security and privacy standards organizations like Consumer Reports have been cooking up desperately need all the public and private sector support they can get.

Filed Under: casino, cybersecurity, iot, security, thermometer

DailyDirt: Observing Really Small Biological Events

from the urls-we-dig-up dept

It's not easy to study living things. Biological cells are made up of an insanely complex mixture of chemicals that somehow self-organize and react to produce stuff like sugars, proteins... and thoughts. Any help to visualize these biological processes is much appreciated, even if there's no Nobel prize for biology. Here are just a few more cool ways to measure what's going on in our bodies at the cellular level.

• The use of silicon nanocrystals that glow (as quantum dots) could be useful for medical imaging. These nanocrystals can absorb and emit light in the near-IR, and these particles have caused no ill effects in monkeys 3 months after being injected with relatively large doses. [url]
• To measure the temperature of a single cell, nanodiamonds could serve as tiny thermometers. These diamond-based thermometers are also pretty sensitive, able to detect fluctuations of 0.05 Celsius inside a cell (and as low as 0.0018 Celsius in less noisy environments). [url]
• Photoluminescent nanoparticles have been shown to glow -- even through more than 3 centimeters of skin -- and produce high-contrast images of biological tissue. To minimize biological incompatibility, these nanocrystals have an outer shell made of calcium fluoride (a material found in bones and teeth). [url]

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

Filed Under: biology, biotech, calcium fluoride, gfp, medical imaging, nanocrystal, nanoparticles, nanotech, photoluminescent, quantum dot, sensors, thermometer