SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
9 Aug 2016

Hackers make the first-ever ransomware for smart thermostats

One day, your thermostat will get hacked by some cybercriminal hundreds of miles away who will lock it with malware and demand a ransom to get it back to normal, leaving you literally in the cold until you pay up a few hundred dollars.

This has been a scenario that security experts have touted as one of the theoretical dangers of the rise of the Internet of Things, internet-connected devices that are often insecure. On Saturday, what sounds like a Mr. Robot plot line came one step closer to being reality, when two white hat hackers showed off the first-ever ransomware that works against a “smart” device, in this case a thermostat.

Luckily, Andrew Tierney and Ken Munro, the two security researchers who created the ransomware, actually have no ill intention. They just wanted to make a point: some Internet of Things devices fail to take simple security precautions, leaving users in danger. “We don’t have any control over our devices, and don’t really know what they’re doing and how they’re doing it,” Tierney said. “And if they start doing something you don’t understand, you don’t really have a way of dealing with it.”

Tierney and Munro, who both work at UK-based security firm Pen Test Partners, demonstrated their thermostat ransomware proof-of-concept at the hacking conference Def Con on Saturday, fulfilling the pessimistic predictions of some people in the security world.

The two took advantage of a bug in a particular thermostat, but declined to reveal which one since they haven’t had a chance to contact the company and get it fixed yet. The two said they found the vulnerability just a few days before Def Con, adding that they plan to contact the company to get it fixed on Monday. They also said the fix should be easy to deploy.

The thermostat in question has a large LCD display, runs the Linux operating system, and has an SD card that allows users to load custom settings or wallpapers. The researchers found that the thermostat didn’t really check what kind of files it was running and executing. In theory, this would allow a malicious hacker to hide malware in an application or in what looks like a picture and trick users into transferring it to the thermostat, where it would run automatically.
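The missing check described above can be illustrated with a short validator. This is an added example, not code from the researchers or from any real thermostat: the function name `check_sd_file`, the PNG/JPEG allowlist and the sample files are all assumptions made for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumed allowlist for a hypothetical device: content signature -> extensions.
IMAGE_TYPES = {
    b"\x89PNG\r\n\x1a\n": {".png"},
    b"\xff\xd8\xff": {".jpg", ".jpeg"},
}
EXECUTABLE_MAGIC = (b"\x7fELF", b"#!")  # ELF binaries and shebang scripts


def check_sd_file(path):
    """Return (accepted, reason) for a file offered on removable media."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # refuse symlinks
    except OSError:
        return False, "cannot open safely"
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            return False, "not a regular file"
        head = os.read(fd, 16)
    finally:
        os.close(fd)
    if head.startswith(EXECUTABLE_MAGIC):
        return False, "executable content"
    for magic, extensions in IMAGE_TYPES.items():
        if head.startswith(magic):
            if os.path.splitext(path)[1].lower() in extensions:
                return True, "image"
            return False, "extension does not match content"
    return False, "unknown content type"


def demo():
    """Check constructed sample files written to a temporary 'card' directory."""
    samples = {  # constructed contents, not taken from any real device
        "wallpaper.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "holiday.png": b"\x7fELF\x02\x01\x01" + b"\x00" * 32,
        "theme.jpg": b"#!/bin/sh\necho constructed\n",
        "photo.png": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
    }
    verdicts = {}
    with tempfile.TemporaryDirectory() as card:
        for name, data in samples.items():
            path = Path(card) / name
            path.write_bytes(data)
            verdicts[name] = check_sd_file(path)
    return verdicts
```

A content check like this complements, rather than replaces, mounting removable media with the `noexec` option and never handing files from the card to an interpreter or loader.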

At that point, an evil hacker would have full control of the thermostat, the researchers said. “It actually works, it locks the thermostat,” Munro, who last year found that a Samsung smart fridge leaked Gmail passwords, said, sitting next to three thermostats that were displaying the famous quote from the movie Hackers: “Hack The Planet.”

Tierney and Munro admit that in practice this is not an easy attack to pull off, as it requires people to actively download malware and transfer it to their thermostats. But, for example, plenty of Android users in the past have gotten hacked by willingly installing malicious apps on their phones, as many did recently with a fake Pokemon Go app. So it’s not totally far-fetched.

In any case, while this particular ransomware is unlikely to ever hit people, it shows that, as many expected, it’s possible to create ransomware for smart devices such as fridges or thermostats. Moreover, these devices expose not just themselves to hackers but also every other device connected to your Wi-Fi, because they are an entry point into your network. “You’re not just buying [Internet of Things] gear,” Tierney warned, “you’re inviting people on your network and you have no idea what these things do.”

Tags:
information leaks trends Internet of Things hackers
Source:
Motherboard