Using an internet of things (IoT) connected fish tank thermometer, hackers were able to access an unnamed casino’s high-roller database.

“The attackers used that to get a foothold in the network,” explained Darktrace CEO Nicole Eagan. “They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud.” As such, the incident raises concerns about the security of IoT devices.

“There’s a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices,” said Eagan. “There’s just a lot of IoT. It expands the attack surface and most of this isn’t covered by traditional defenses.”

To demonstrate the vulnerabilities of the IoT, a team of researchers in Israel recently found that it was possible to remotely access a number of off-the-shelf IoT devices using default factory passwords. Likewise, hackers have also been able to gain access to other IoT devices like the cameras on robotic vacuum cleaners to explore consumer's homes.

“With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that’s going to be an increasing problem,” said former head of the British government’s digital spying agency, Robert Hannigan. “I saw a bank that had been hacked through its CCTV cameras because these devices are bought purely on cost.”

Consequently, Hannigan suggests that government regulations should be in place around the IoT industry.

“It’s probably one area where there’ll likely need to be regulation for minimum security standards because the market isn’t going to correct itself,” he said. “The problem is these devices still work. The fish tank or the CCTV camera still work.”