Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on August 8, 2016

Thermostats can now get infected with ransomware, because 2016


Thermostats can now get infected with ransomware, because 2016 Image by: Ken Munro

If you’ve encountered ransomware before, you’re familiar with how incredibly destructive it can be. It literally holds your computer and files hostage unless you cough up a steep ransom, usually paid in Bitcoin.

Now, it looks like ransomware is about to make the leap from computers and smartphones to Internet of Things devices.

Andrew Tierney and Ken Munro – two UK-based researchers for IT security firm Pen Test Partnersdemonstrated the world’s first ransomware for a smart thermostat earlier this week at the DefCon security conference in Las Vegas.

The Wi-Fi enabled thermostat that the researchers targeted is basically a Linux computer. It allows the user to upload wallpapers and configuration settings through an SD card; that’s what they use as a vehicle to install a malicious program onto the device. At this point, an attacker would have full control over the thermostat.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

It’s worth noting that for a device to be infected, an attacker would need physical access, or the owner would have to be tricked into infecting their own thermostat.

So far, the name and manufacturer of the device affected hasn’t been publicly announced. That’s because the researchers only identified the vulnerability two days before the conference was scheduled to start, and have not been able to contact the manufacturer in order to arrange a fix.

Thankfully, Tierney and Munro both believe that it will be an easy problem to patch.

This episode illustrates the troubling fragility of Internet of Things devices. There are far too many of them that have shipped with vulnerabilities that leave their users at risk, from Wi-Fi enabled kettles that leak network passwords, to “smart fridges” that broadcast the user’s Gmail credentials in plaintext.

As the number of IoT manufacturers and users proliferate, and as the devices become mainstream household appliances, it seems probable we’ll see even more high-profile security issues.

 

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with