Like a real life, cyberpunk version of Oceans 11, hackers absconded a casino's high roller database by hacking into a thermometer in the lobby aquarium. This is just one example of hackers finding a vulnerability to exploit by breaking into vulnerable "smart" devices like air conditioners and CCTV to penetrate corporate systems.
<iframe width="854" height="480" src="https://www.youtube.com/embed/A48AJ_5nWsc" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe>
In the Mike Judge series Silicon Valley a smart refrigerators' firmware is exploited. A Silicon Valley character hacks into the fridge which is later used to create a sort of smart-fridge botnet. In another episode, a smart-fridge spies on its owners.
The issues brought up by that episode were discussed last year when the episode aired and the idea of hacking through the firmware to brute-force the backdoor for the password is quite possible. Hacking security cameras and other "internet of things" due to embedded device vulnerabilities is a very real thing.
<iframe width="854" height="480" src="https://www.youtube.com/embed/B8DjTcANBx0" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe>
CEO of cybersecurity company Darktrace, Nicole Eagan, spoke to the WSJ CEO Council in London last Thursday: "There's a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices. There's just a lot of IoT. It expands the attack surface and most of this isn't covered by traditional defenses."
In regards to the casino exploit mentioned earlier, "The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud."
Head of the British government's digital spying agency GCHQ from 2014 to 2017, Robert Hannigan was on a panel with Eagan and took the same perspective considering the dangerous security flaws in the smallest of "smart" devices in or around the largest of things.
<blockquote>"With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that's going to be an increasing problem," I saw a bank that had been hacked through its CCTV cameras because these devices are bought purely on cost," Hannigan said.</blockquote>
In Hannigan's opinion, standards should be put in place and implemented to protect against these devices being used as part of broader scale attacks. The need for "minimum security standards" being put in place on these devices was agreed on as well:
"It's probably one area where there'll likely need to be regulation for minimum security standards because the market isn't going to correct itself. The problem is these devices still work. The fish tank or the CCTV camera still work.
These kinds of vulnerabilities have affected smart fridges, in particular, to hack businesses for years now. An article in Business Insider from January 2014 describes a smart-fridge "botnet" as one of the first major Internet of Thing (IoT) cyber attacks. A couple of years back a Samsung smart refrigerator vulnerability that left your Gmail account log-in credentials open. The possibility of our smart devices conspiring against us only increases as we move more to ubiquitous wirelessness.