APEX security?

dz6t

I was asked a question today but I don’t know the answer.
How likely is it that a hacker can gain access to your home network via hacking your APEX?
Thank you very much for any help.
 
It’s very easy. The hacker would just need to gain access to your WiFi, which is extremely easy. Then the hacker can gain access to everything that connects to your home WiFi. They can even gain access via your IP address as well. This is why it’s good to have good firewall software and Trojan protection as well. These two things can effectively help protect you, but if the hacker is at all good these will not stop them for long.
 
I want to say that a casino got hacked through a back door on an apex controller.
 
When you’re talking WIFI, the APEX has nothing to do with vulnerability. All WIFI has inherent security issues and that is why a VPN while using WIFI is always recommended. The most important thing you can do is keep your WIFI router updated and the highest security settings turned on. Even then a highly skilled hacker could gain access when in range of WIFI. If you’re talking about the old way of punching a hole in the firewall to gain access to the APEX classic web service, that’s definitely a bad idea and always has been. When it comes to the new cloud-based APEX Fusion, it’s heads above the old classic; my understanding is they do encrypt, and I think it’s highly unlikely it would be a good hacking vector, but I haven’t actually researched details. It’s unlikely to be a heavy target as they don’t store credit cards or other valuable info. But I always recommend strong passwords to prevent malicious mischief by someone who knows what the site is for.
 
Thanks for the information. That is a good reason to get the new APEX instead of buying an older model. One of my suppliers still has the older version in stock for cheap.
 
A lot of people that have companies monitoring/servicing the tanks have access to the apex and that’s how the hackers got in to the casino I was talking about. I’ll try to find the article tomorrow.
 
In the casino hack it was never released which controller was hacked. A casino has serious money and more than likely a very large tank. Who knows what they might have been using compared to hobbyists.
 
We all know which is the most popular controller in the states

And what I am saying is an open source controller is a much more viable target than Neptune's AOS software, which is not open source, and who knows what it was based on.

A controller based on linux or something like it is eminently more hackable and attackers are a lot more comfortable with it.

Just the thought of hacking a neptune remotely... adding software to dump traffic from the casino lan to an outside source.. proprietary hardware... etc... and doing it all from debugging a binary operating system with no source is not trivial at all. Period.

It is highly unlikely it was an apex. I could go into more detail of what steps an attacker must go through but damn.. that is a huge amount of work for such a small amount of possible targets.
 
Terrence from neptune said this...

Quote

This article was based on pure speculation and zero information other than a casino got hacked for 10GB via an aquarium controller. Images in the article have nothing to do with the facts other than they are images of a controller by GHL and cloud interface to our product, Apex Fusion. In fact, the source of the information was a marketing packet from the security company who wants to sell their software. No specific detail has been given by the company and they will not give it out - even to us, even under NDA. So who knows what really happened here.

Also, if something did really happen, as was just pointed out, the most likely thing that happened here was that someone left the back door open, someone found it, and then they found a way to exploit that open door locally. This is not a situation that involved Apex Fusion. Had it been, we would have been contacted, and we weren't.

If you have an Apex, and have still not connected it to Apex Fusion, you should. This is especially true if you want enhanced security and you have utilized a port-forwarding methodology for external access of that Apex. Connect it to Apex Fusion and then remove any port forwarding rules on your router.
 
I’m going to believe Terrance? Never, he’s a salesman and a good liar. OP, trust it if you want but I won’t ever.
 
I wouldn't think that an Apex on a secure firewalled network with a good password is any more vulnerable than any other networked device. I'd assume you could hack into a smart TV, Ring doorbell, Amazon Alexa, wifi crock pot, etc.

Don't think that a home user firewall (included with windows) is going to stop a determined knowledgeable hacker. I don't really have anything to steal, and if they hack my accounts I'll have it reversed. That's why I get alerts on withdrawals and I self audit my accounts weekly.
 
Folks.. all I know is that I ?might? have the most knowledge here about security issues. I have been a net eng for the last 15 plus years. I discovered my own local root on linux years ago with sudo. I coded up my own exploit for it. In my younger years I was very active in the hacking scene and followed along with the main players back then. Kept very much up2date with it all. I still follow it due to my work but the scene has died off as we knew it back then.

As I understand apex today...

All I am saying is that the apex is proprietary hardware. The operating system is not open source code. I just know it is a metric ton of work to hack it and develop a root kit for it compared to open source controllers, which are much more popular today than they were several years ago. That open source controller is a very weak target due to the hobbyist nature of it. If I had to guess, the hackers' target ran a version of linux.

And what Terrence said about how the company who described the hack gave zero info.. he is right. Try googling for facts. Security companies love publicity. They shout out to anyone who listens about a hole they found in a product. It is how they make their name in the industry. They would have sent a guy to blackhat and given a speech about this new internet of things to worry about.. aquarium controllers and the threat to biz who use them.. blah blah

If they failed to report the issue to the manufacturer of the controller... it is a huge huge issue for a white hat security firm. They basically broke rule number 1 of today's ethics in the industry.
 