Tuesday, August 9, 2016

"Thermostats can now get infected with ransomware, because 2016"

It's bad enough that thermostats can be hacked, but ransomware? That's just nasty.

From The Next Web:

Thermostats can now get infected with ransomware, because 2016
If you’ve encountered ransomware before, you’re familiar with how incredibly destructive it can be. It literally holds your computer and files hostage unless you cough up a steep ransom, usually paid in Bitcoin.

Now, it looks like ransomware is about to make the leap from computers and smartphones to Internet of Things devices.

Andrew Tierney and Ken Munro – two UK-based researchers for IT security firm Pen Test Partners – demonstrated the world’s first ransomware for a smart thermostat earlier this week at the DefCon security conference in Las Vegas.

The Wi-Fi enabled thermostat that the researchers targeted is basically a Linux computer. It allows the user to upload wallpapers and configuration settings through an SD card; that’s what they use as a vehicle to install a malicious program onto the device. At this point, an attacker would have full control over the thermostat.

It’s worth noting that for a device to be infected, an attacker would need physical access, or the owner would have to be tricked into infecting their own thermostat.

So far, the name and manufacturer of the device affected hasn’t been publicly announced. That’s because the researchers only identified the vulnerability two days before the conference was scheduled to start, and have not been able to contact the manufacturer in order to arrange a fix.
Thankfully, Tierney and Munro both believe that it will be an easy problem to patch.

This episode illustrates the troubling fragility of Internet of Things devices. There are far too many of them that have shipped with vulnerabilities that leave their users at risk, from Wi-Fi enabled kettles that leak network passwords, to “smart fridges” that broadcast the user’s Gmail credentials in plaintext....MORE