
Hackers stole a casino's high-roller db via thermometer in the lobby fish tank - rock57
http://www.businessinsider.com/hackers-stole-a-casinos-database-through-a-thermometer-in-the-lobby-fish-tank-2018-4
======
rococode
One of the scariest things to me about IoT devices is people using them
without really understanding the tech behind them. It feels like a lot of
older companies are still just getting used to working with smartphones and
having databases instead of file cabinets, and suddenly IoT means they have 20
new devices that they don't really understand, that often are set up to have
more access than necessary (because that's probably the easiest way to set
them up)...

------
kardos
I was hoping this would be an elaborate side channel where the data was
exfiltrated bit by bit over a few weeks by inducing temperature fluctuations
that were picked up by the thermometer that was visible through a window from
the building next door. But it's just another "IoT" device. These things
should be considered backdoors until proven otherwise.

------
kwhitefoot
There's no need for the device to be made secure. Just configure your network so
that the device can only talk through a specific virtual private network, or
even better a separate physical network. It's not difficult, but it might be
more costly. Car manufacturers do this. The entertainment system usually
cannot talk directly to the engine control unit. There is a bridge device
between the two that controls the conversation. Safety-critical stuff is on
the ECU side of the bridge not the entertainment side and the ECU side is not
public.

I don't mean cars are perfect, just that the concept is well known and
manufacturers do try to implement it (with varying degrees of success of
course).
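
An added example, not part of kwhitefoot's comment: one way to check that the segmentation described above actually holds is to audit flow records against a default-deny allowlist for the IoT segment. The subnets, hosts, ports, and the `Flow` record format are all hypothetical, and each record is assumed to describe the connection initiator.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    proto: str

# Assumed addressing (hypothetical): IoT devices sit on their own segment.
IOT_NET = ipaddress.ip_network("10.50.0.0/24")
# The only conversations the bridge should let out of the IoT segment.
ALLOWED = {
    (ipaddress.ip_network("10.60.0.10/32"), 8883, "tcp"),  # telemetry collector
    (ipaddress.ip_network("10.60.0.53/32"), 53, "udp"),    # internal resolver
}

def is_allowed(flow):
    """True if the destination, port and protocol match an allowlist entry."""
    dst = ipaddress.ip_address(flow.dst)
    return any(dst in net and flow.dport == port and flow.proto == proto
               for net, port, proto in ALLOWED)

def audit(flows):
    """Return (reason, flow) pairs that cross the IoT boundary outside policy."""
    violations = []
    for f in flows:
        src_iot = ipaddress.ip_address(f.src) in IOT_NET
        dst_iot = ipaddress.ip_address(f.dst) in IOT_NET
        if src_iot and dst_iot:
            continue  # stays inside the segment, never crosses the bridge
        if src_iot and not is_allowed(f):
            violations.append(("iot-egress", f))
        elif dst_iot and not src_iot:
            violations.append(("inbound-to-iot", f))  # default deny inbound
    return violations

# Constructed sample flow records, not taken from any real network.
SAMPLE = [
    Flow("10.50.0.21", "10.60.0.10", 8883, "tcp"),   # permitted telemetry
    Flow("10.50.0.21", "10.60.0.53", 53, "udp"),     # permitted DNS
    Flow("10.50.0.21", "10.10.5.40", 1433, "tcp"),   # device reaching a database
    Flow("10.50.0.21", "203.0.113.7", 443, "tcp"),   # device reaching the internet
    Flow("10.10.5.99", "10.50.0.21", 23, "tcp"),     # corporate host into IoT
    Flow("10.50.0.21", "10.50.0.22", 80, "tcp"),     # intra-segment
    Flow("10.10.5.99", "10.10.5.40", 1433, "tcp"),   # unrelated to IoT
]

if __name__ == "__main__":
    for reason, f in audit(SAMPLE):
        print(reason, f.src, "->", f"{f.dst}:{f.dport}/{f.proto}")
```
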

