A security conference in London heard last week how an unnamed casino was hacked through – an internet connected thermometer. The thermometer was an example of what has become known as ‘the internet of things’ where an increasing number of devices – from televisions and sound systems, to heating systems and lightbulbs can connect to the internet – either to receive content (such as movies and music), or to allow for remote monitoring (‘how warm is my house right now?’) or control (turn the oven on, I’m on my way home).
The thermometer was used to monitor the water temperature in an aquarium and sent data over the casino’s wireless network could be read remotely by the casino’s owners. At some point, hackers found a weakness in the thermostat’s computers and were able to use it to connect to the casino’s main computer network. From there, they were able to steal data about regular, high-rolling casino users. There is no sign any money was stolen, but personal information about many wealthy people has been stolen, and this could be useful to criminals in future fraud attempts.
The internet of things poses a security risk to those of us not wealthy enough to be regular casino players. Over the last 18 months or so, the availability and popularity of internet connected devices has exploded with many such devices being available in the high street or mainstream retailers for very little money. Often, the devices come from companies we’ve never heard of, but promise to work with existing systems such as Apple’s HomeKit, Samsung SmartThings or Amazon’s Alexa Home Assistant. The quality of the software driving these devices is variable. Some are known to have security problems, and some will never receive the necessary software updates to make them more secure.
If you want to start equipping your home with internet of things devices, be careful. Buy from big brands and read the reviews, then make sure that you apply any updates as soon as they become available. So it’s time to get used to a world where you might have to wait a few minutes whilst your lightbulb updates its software before you can turn it on.
And if you don’t want an internet connected home – that’s fine too; don’t feel forced to use technology that makes you uncomfortable.
To see an example of internet of things being abused by large companies; Wolf Richter (awesome name) wrote about how his American healthcare provider is pressurising him to use an internet-connected toothbrush in order to receive cheaper dental care: