A casino was hacked via smart thermometer, because the surveillance state is now a heist movie

Impact

Adding internet connectivity to household items are an easy way to smarten up regular appliances. Unfortunately, that may open up other smart devices around them to hackers, as one casino recently found out.

Nicole Eagan, CEO of the cybersecurity company Darktrace, revealed on Thursday that a casino was once hacked through a smart thermometer in the lobby fish tank. During a panel at the Wall Street Journal CEO Council in London, Eagan recounted exactly what the hackers went after.

“The attackers used that to get a foothold in the network,” Eagan said, according to Business Insider. “They then found the high-roller database and then pulled that back across the network, out the thermostat and up to the cloud.”

Eagan withheld both the name of the casino and brand of thermometer that was used.

This isn’t the first time smart devices have betrayed buyers. Cnet reported Monday that Russian spies have been “looking for vulnerabilities in routers” as a potential tool for future attacks. Here in the U.S., the CIA used Samsung TVs to spy on their owners; Amazon Echos have been susceptible to randomly laughing at their owners.

But sometimes the hacks are more sweeping. Prior to a security update in September, LG’s SmartThinkQ mobile app and cloud application was susceptible to a vulnerability called HomeHack. If exploited, hackers could have gained control of any LG device or appliance connected to the account, such as dishwashers, air conditioners, washing machines and the company’s robot vacuum cleaner. Nearly 1 million home devices were at risk, NBC reported.

In many cases, hacking a smart home device is as simple as doing a Google search for the brand’s default password.

WSJ CEO Council panelist Robert Hannigan, who ran the British digital spying agency Government Communications Headquarters from 2014 to 2017, noted similar vulnerabilities in other “internet of things” devices.

“I saw a bank that had been hacked through its CCTV cameras because these devices are bought purely on cost,” Hannigan said.

Most owners of smart home gadgets aren’t running a casino, but protecting users’ privacy should be everyone’s first priority. No device is infallible, but there are simple steps users can take to protect themselves. For example, MarketWatch recommends the use of two-factor authentication and malware protection. Using strong passwords and keeping your software updated can also help you stay safe from hackers, according to MentalFloss.

The smartest move, however, may be to opt for dumb devices — no hacker can break into a thermometer that isn’t digital in the first place.