Forbes who wrote an earlier story did the same thing, but with a Shutterstock photo. At least the original source of the story (the cyber defense company) used an illustration so it was obvious that it wasn't the real thing.
 https://www.darktrace.com/resources/wp-global-threat-report-... (see page 8)
Why would a thermometer need to connect to the Internet in the first place? It is absolutely unnecessary. The software could be installed on a server in a local network or even inside the thermometer itself.
I think the reason why these devices require an Internet connection is that vendors just want to lock users to their servers and collect "anonymous statistics" from them.
Seriously? This is not obvious?
What's the upper bound on the number of aquariums that a large facility might have as decor, decorative dividers, etc? 10? 50? 200? More?
At a commercial scale having people go to each one is no more viable than Google using web managed network switches would be, or than using individual residential thermostats in a large office building. It might be possible, but it would be slow and error prone.
Installing an in-house server would be no better, but for different reasons of getting IT involved either for the server or for local software on a PC (locked down possibly and unable to install or run unrecognized apps). "Hi, this is Bob in maintenance, we'd like to install some software that will scan the network for" "NO." "But the fish!" "NO."
For that matter, had these been properly segregated on an "IoT" network, neither of those would have worked well anyway. If you're handling financial data like that in a regulated environment, nothing from the IoT network should be able to reach protected systems. There's a case for the protected network to be able to reach IoT, but there are also reasons to not allow it.
Frankly, having devices like that able to reach out to a cloud management system makes a lot of sense for both the client and vendor (subscriptions, lock-in, etc). The problem is allowing them on a supposedly secure network.
Edit: added "residential thermostats" because it seems more appropriate here than my initial example
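The one-way segmentation described in this post, written out as an nftables ruleset. This is an added example and not something from the thread or from any vendor; the VLAN interface names, subnets and WAN interface name are assumptions, and a real deployment would also restrict the IoT side's Internet access to the vendor's endpoints.

```nft
# Added example (not from the thread). Router between an "IoT" VLAN and a
# "protected" VLAN. Interface names and addresses are assumptions:
#   vlan10 = protected network, 10.10.0.0/24
#   vlan20 = IoT network,       10.20.0.0/24
#   wan0   = Internet uplink
table inet segmentation {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Drop packets that belong to no known connection.
        ct state invalid drop

        # Replies to connections that were opened from an allowed direction.
        # Because IoT -> protected can never be opened (below), this only ever
        # admits return traffic for flows the protected side started.
        ct state established,related accept

        # Protected -> IoT: allowed, so staff can reach a device's local UI.
        iifname "vlan10" oifname "vlan20" accept

        # IoT -> Internet only, so the device can talk to its cloud service.
        iifname "vlan20" oifname "wan0" accept

        # IoT -> protected: explicitly logged and dropped (policy drop would
        # catch it anyway, but the log line is what detection is built on).
        iifname "vlan20" oifname "vlan10" log prefix "iot-to-protected: " drop
    }
}
```

Load it with `nft -f` and confirm the result with `nft list ruleset`; the `log prefix` rule is worth keeping even though the chain policy already drops the traffic, because a device on the IoT VLAN suddenly probing the protected VLAN is exactly the signal that a compromised thermometer would produce.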
Years ago, the standard was "IP cameras" which you basically connected to directly and they would stream video to you. Now these cameras stream video to some remote server, so the output from a camera which might be sitting only tens of meters away, goes maybe thousands of miles out into the Internet, crossing a geopolitical border or several, before coming back in. IMHO it's absolutely disgustingly inefficient in addition to all the privacy risks.
Of course the makers claim this is so you can watch from anywhere, but a lot of those old "dumb"(?) IP cameras could be configured to upload video to a remote server if you wanted, and one under your control.
Relatedly, the musings of a coworker who wondered why IM'ing someone sitting less than 10ft away in the office should even require a working Internet connection --- because his message gets sent far away and then back, in a horrifically wasteful loop, instead of going directly from computer to computer within the LAN.
The average consumer doesn't have a remote server or the knowledge to set one up.
Which is fine to say, but doesn't really address the main issue of the IoT Cameras and honestly comes off as exploitative as an excuse. Just because something provides a convenient service does not mean it should get a free pass on basic and reasonable security precautions, nor should it be able to exfiltrate data, much less in a lazy way.
To be 100% clear, I'm not meaning to put words in the parent's mouth; I understand that the statement is just a factual statement that most people don't know how to set up a remote server. However, small SoC boards have never been cheaper and continue to grow cheaper; a "remote server" to feed data to can be bundled easily at extremely low cost to the manufacturer, let the user provide their own storage, and then work on making the discovery experience elegant. (Plug in the cameras and the SoC box close to one another. Plug the SoC box into a monitor/TV. Follow the on-screen prompts to discover the local WiFi and cameras and connect all of them.)
Apple has found ways to make their wireless vision almost complete; setting up remote printers, connecting via Airdrop, etc, is all fairly close to elegant with some minor bumps. Xiaomi's line of hardware ties in neatly to Mi-Life fairly well also and discovery is easy (though the actual connectivity is in dire need of work). The idea that consumers need to let their data be exfiltrated due to lack of knowledge is silly; there are numerous examples on how to do it right, and the tech has never been more ready.
The average consumer doesn't need a remote server or the knowledge to set one up, just a plug and play device that works. IP cameras don't need to stream to some cloud service, you could have a plug and play consumer "home cloud" set up that allows the user to keep control of their data 100%.
A while ago there used to be almost plug and play IP camera set ups. Plug this box into your router and these cameras into that box. The box could be logged into remotely and had both a web based interface and mobile app.
I used this in a number of installs where the mostly computer-illiterate clients wanted to be able to check up on their horses, or home or work premises (or all three) from their phone or laptop, as well as review footage from months ago.
It feels weird to me that people feel comfortable in transmitting what can be very personal and private feeds into the ether and if more average consumers were less ignorant of the risks there would be more consumer pressure for cloud-less set ups.
It’s strictly unnecessary, but it’s a bit convenient for NAT-piercing and enabling remote monitoring and management.
It’s like everything else: there’s a trade off between certain conveniences and security/privacy. For some people, the line is strongly on the side of security and for others, the line is more favorable to convenience.
The trade isn't between convenience and security. It's between convenience and the result of a security breach. "more security" is abstract and hard to understand; "lowering the probability of this bad thing happening" is much, much easier.
In this case the casino owners had to choose between "remote monitoring of the fishtank" and "a way for hackers to access the internal network and all the bad things that could result from that", and they chose the fishtank.
I live in Phoenix, and regularly set my thermostat en route to my house after being gone a while. I have scripts that set it to away automatically when my phone leaves the network.
It saves me quite a lot of power yearly.
(I feel guilty for contributing to these sorts of pedantic HN threads, but there you go)
If an on-site server goes down, odds are you might need to go on site, especially if the whole thing is separated from the internet to avoid leaking "anonymous statistics."
Having that data be centralized, on site or off, is where a web UI can be most useful.
A friend of mine rolled his own version of this for his house, helping him optimize how the furnace / AC units operate, etc. It would've been way more painful to go to each device's UI individually.
My thermostat cost $10, 75 years ago. I would prefer that a $200 thermostat have a life longer than the technology platform.
It's just that the attack was part of a new article, and the headline used it to make it sexy.
I don't know if I still agree with this. One of my most important and private services is exposed on the web - the most untrusted network on the planet - and it's using application layer authentication, and no network isolation.
I don't need a vpn to get access to my gmail, my web banking or my nextcloud instance. I can access all those services over the most untrusted network of the world with a username and a password (and maybe a second factor auth token).
I think network layer isolation is overvalued. In the end, you still have to secure all your local LAN resources anyway, because trusting your LAN clients is never a good idea. So if your LAN is untrusted like the WAN network, and you secure all your stuff in your LAN like you would secure it if it were exposed on the Internet, there is no need for network level isolation at this point. Sure, it's another layer of security and all that, but that comes with a high cost that is not always worth paying for.
Even trusted devices are segregated by vendor.
Curious.. are there any recorded instances of air gapped networks being breached?
Unfortunately, all is not rainbows and unicorns. Ubiquiti's GUI doesn't treat IPv6 as a first-class citizen; if you want IPv6 you need to head for the CLI and hope you hit upon the right recipe to enable it for your provider - and make sure you set up your firewall rules to only open IPv6 addresses/ports you want open.
The article asserts, "It expands the attack surface and most of this isn't covered by traditional defenses", which is bogus. It's just another device that doesn't need to be on the same network as critical services.
From memory, there was an "untrusted trusted entertainment system" network segment, and a firewall which allowed one-way traffic out of the "trusted" vehicle management network (so the entertainment system could get car speed and similar), and the firewall could have its firmware updated. From the untrusted network segment...
IMO "the problem" isn't the CAN priority system, it's that a remotely programmable device (the CAN gateway) was connected to both the control network and the internet (via the entertainment center). For something so security critical, it should have been kept as dumb as a box of rocks, and certainly never made network-updatable.
Your assumption is pretty accurate. Whatever internet-facing device is compromised is then used as a gateway onto the internal network, and a conduit for getting data back out if necessary. With access to the internal network, it's usually much easier to find things like systems with default/weak passwords, exploitable services, and so on.
It usually takes a couple of steps, like hopping from the initial system onto something that has interesting credentials stored/cached on it, and from there on to the things that are actually of interest. Every once in a while, I'm lucky, and the initial point of compromise has super-privileged credentials on it, but that just makes things easier.
Take over the thermometer and you can send requests to the database as a whitelisted ip.
You assume way too much. I bet half the fish in that tank never even got a background check
It doesn't mention any details of how the data was actually stolen using the thermometer. It doesn't even explicitly say that the thermometer was an IoT device. "Hacked through a thermometer" could mean so many things.
It's also fairly easy to vet the data.