Is your fish tank spying on you?

Recently, over 10 GB of data was stolen from a casino when a PC used to regulate the temperature, food and cleanliness of a fish tank was hacked by an unknown group. While this is objectively funny, it is also a great reminder about the “Internet of Things” and the security concerns that are introduced as our homes are populated with more and more computers disguised as everything from toasters to baby toys.

Most of us have become used to installing security patches and updates on our PCs, phones, and tablets. But that smart sous vide cooker is also a “computer” as is your gaming system, smart outlets and smart lightbulbs. Anything connected to your home’s Wi-Fi network is a potential avenue for a hacker to compromise your home network. The consequences for this can range from having your personal data sold to identity theft or even a compromise of OMB data if you are accessing work resources from home.  

There are a few simple steps you can do to help keep yourself and your home network safe.

  1. Be conscious of where you buy IoT products and who manufactured them. Off brand products sold at discounted prices may include spyware or other security vulnerabilities. Do some research for known security issues when purchasing a product from a vendor you do not know.
  2. Keep a spreadsheet of IoT devices in your home. Whenever you connect something to your home network add a row to your spreadsheet with the manufacturer’s model number and a link to the manufacturer’s website or a site where you can download patches and security updates.
  3. Make sure your home Wi-Fi network is using strong WPA2 encryption and your Wi-Fi router(s) are updated with any patches or upgrades.
  4. Change the default password on devices if possible. Use unique random passwords and record the passwords in your spreadsheet (or better yet in a password manager) so you don’t lose them.
  5. If you are not using a device anymore disconnect it from your network. Especially things like baby monitors or security systems.
  6. For an extra level of security, use a separate Wi-Fi network for your IoT devices. Most Wi-Fi routers allow you to configure a “Guest Network” which can connect to the internet but cannot access other devices on your home network. While this may not work for all devices, adding devices to your Guest Network will help protect your PCs and other computing devices from compromise if the IoT device is hacked. In the Cybersecurity game, we call this “restricting lateral movement”.

As always, if you have any questions or concerns I’m here to help. Thanks for your time and stay safe out there.

Link to article about the fish tank hack:

https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino/

Leave a Reply