A Casino Gets Hacked Through a Fish-Tank Thermometer | Entrepreneur
Are your fish tanks secure?
www.entrepreneur.com
Saw this earlier! I wonder if it’s apex! Isolate your IOT devices folks.
A Casino Gets Hacked Through a Fish-Tank Thermometer
- Thread starter thanh510
- Start date
www.entrepreneur.com
Saw this earlier! I wonder if it’s apex! Isolate your IOT devices folks.
NanoCrazed
Supporting Member
Lol. Yeah... that happened about 2 years back...A Casino Gets Hacked Through a Fish-Tank Thermometer | Entrepreneur
Are your fish tanks secure?
Saw this earlier! I wonder if it’s apex! Isolate your IOT devices folks.
Lol yeah! You know how these news media need to recycle news to get folks to visit their website.
NanoCrazed
Supporting Member
Wouldn't be surprised is casino left default password and login on the controller or thermometer. That's why good practice would be to change defaults always.
But I need to open them up so I can view my cameras! I can’t remember crazy passwords too!
sfsuphysics
Supporting Member
Probably the fault of those ATM guys 
rygh
Guest
The problem is both less of a problem, yet more insidious, than you might think.
Most people do have a basic firewall already, provided by internet service provider.
They deny unknown messages coming in from the outside, so a simple hack like trying to
get in with default password will not work because the outside cannot even see
or send a message to your device.
Of course ... some of those routers have bugs.
The bigger problem is all these random unknown devices calling out.
Devices like thermometer and Apex send messages from inside your network to the cloud.
Like: (guessing) Apex -> Fusion : My temperature is 79.
Done right, that is fine. But done wrong, you can get something like:
Local -> cloud : Hey, should I update firmware.
Hacked/Spoofed Cloud response -> local : Yes, here is code (with a nice virus)
Since many devices use the same library routines for that, it is not as hard as you might think.
Once that completes, that virus takes over the device, and is INSIDE your firewall,
and it can do anything it wants.
Rare, but really bad when it happens.
You can get fancy with double networks. One for all those little devices, one for critical devices,
but that gets tricky with double-NAT issues and so on.
There is no simple fix.
Most people do have a basic firewall already, provided by internet service provider.
They deny unknown messages coming in from the outside, so a simple hack like trying to
get in with default password will not work because the outside cannot even see
or send a message to your device.
Of course ... some of those routers have bugs.
The bigger problem is all these random unknown devices calling out.
Devices like thermometer and Apex send messages from inside your network to the cloud.
Like: (guessing) Apex -> Fusion : My temperature is 79.
Done right, that is fine. But done wrong, you can get something like:
Local -> cloud : Hey, should I update firmware.
Hacked/Spoofed Cloud response -> local : Yes, here is code (with a nice virus)
Since many devices use the same library routines for that, it is not as hard as you might think.
Once that completes, that virus takes over the device, and is INSIDE your firewall,
and it can do anything it wants.
Rare, but really bad when it happens.
You can get fancy with double networks. One for all those little devices, one for critical devices,
but that gets tricky with double-NAT issues and so on.
There is no simple fix.
TurboReef
Guest
that's why you lock your network down at the MAC address level using an ACL.
also you don't need to double NAT. You create a separate network for your IOT devices.
rygh
Guest
Possible - sure.
Simple - not so much.
That is gibberish to most people.
And you are often stuck with a service provided router that is fairly locked down.
rygh
Guest
So poking around....
I have 32 devices on my network. Ouch.
My nice mesh wifi (eero) is too user friendly and does not support hardly anything special.
My ATT router is actually pretty powerful, and does support MAC filtering and subnets. Interesting.
My wired ports use an unmanaged switch at the top and a couple of hubs in various areas.
Hmm....
What I could do:
Put all the sketchy wifi devices on the ATT router, with strict MAC filtering.
Get some sort of fancy managed switch for the wired connections.
Probably not though.
I have 32 devices on my network. Ouch.
My nice mesh wifi (eero) is too user friendly and does not support hardly anything special.
My ATT router is actually pretty powerful, and does support MAC filtering and subnets. Interesting.
My wired ports use an unmanaged switch at the top and a couple of hubs in various areas.
Hmm....
What I could do:
Put all the sketchy wifi devices on the ATT router, with strict MAC filtering.
Get some sort of fancy managed switch for the wired connections.
Probably not though.
Zero-TRUST FTW!!!!
I use Unifi and I don’t zero trust as it messes with sonos and any layer two stuff (chromcast). BUT it does have deep inspection and I segment all the other stuff via vlan. No open ports!
I use to sport a Palo Alto but I’m much simplistic now.
sfsuphysics
Supporting Member
So as a less tech involved person, I've heard allowing access to a "guest account" (if your router supports it) is better? True? not?
By guess account, I am assuming you mean a guest WiFi/network. Most routers would isolate the guest network from the main network. Some routers do layer 2 Isolation. Layer 2 isolation only allow access to the internet but won’t allow the devices to see each other. Isolation is very good! So good, most company are practicing it as most things move to the cloud.
Either way, moving your APEX to the guest network is good practice(I haven’t done this LOL). This will help you if the APEX every get compromise.
I would move any IOT devices to the guest network that rely on the internet for you to access. Be careful with some devices that needs to “talk to each other”. You can move a few things like NEST, RING, etc. You won’t be able to move Sonos or any other devices that rely you to see them on the same network. You won’t be able to move stuff that integrates with home automation. So if you all in on google home, maybe moving it will hurt the experience.
sfsuphysics
Supporting Member
Yeah right now other than phones/tablets/laptops, the only other things that use wifi is my Roku, and probably my TV will too (I say probably because I'm going from a "dumb" TV to a "smart" one). Oh yeah the Ecotech light dohicky also is connected via wifi (not using Mobius), the rest of my reef apps are bluetooth connected.
NanoCrazed
Supporting Member
Lol. Fortinet is better choice anyway...
Would you be mad if I have a fortinet in my rack?Lol. Fortinet is better choice anyway...