An internet connected aquarium controller has just been confirmed as the gateway into the secure network of a casino, and it was used to steal up to 10 gigabytes of data! We knew this day would inevitably come, and it’s actually a surprise that it’s taken this long to happen.
The internet of things (IOT) has been seeping into our daily lives as well as the aquarium hobby since the beginning, and it’s pretty common to hear about some of these devices used as bots to perform DDOS attacks. But a recent cyber-attack on a casino used an aquarium controller as a portal to funnel data out of a private network, the damage it caused has not been reported but it can’t be good.
The data breach was reported by cyber security firm Darktrace who discovered the aquarium controller was sneaking out much more data than a device like this should. The actual casino and aquarium controller used in this attack were not named but we can glean a few things from the Darktrace report.
Darktrace co-founder Dave Palmer was quoted as saying:
“We’ve seen insiders sneak data out of heavily-protected organizations by attacking digitally-connected fish tanks. Completely blew my mind. Who would plug their fish tank into the internet? Well it turns out lots of people do.”
Apparently this is not even the first time a ‘smart fish tank’ has been used in cyber crimes! The report goes on to mention that the controller was equipped “with advanced sensors that automatically regulate temperature, salinity, and feeding schedules“. The device in question was not named but we do know the casino is in North America.
The three main companies with internet connected aquarium controllers in the North American market are the Digital Aquatics ReefKeeper, GHL Profilux, and by far the most common in the U.S. is the Apex by Neptune Systems. Neptune Systems Apex is the only one with a dedicated fish feeder, the AFS, but other controllers can be used to automate fish feeding.
Up until now we’ve mostly been concerned about IoT Aquarium devices being usurped as foot soldiers in bot armies, or vindictive hackers crashing our precious aquariums. But it seems like at least one controller company’s (and probably all of them) are not robust enough to resist cyber attacks, and it’s frightening to think of your entire home network potentially being compromised by having a ‘smart fish tank’. [Darktrace]