In the future, your household appliances or even your car could be turned against you—and it’s easier to do than you think.
Hackers recently demonstrated this by hacking a smart thermostat with ransomware, forcing it to stay at 99 degrees. The thermostat demanded $300 in bitcoins to regain its control.
The hackers said it was “so easy” to deliver ransomware via the Internet of Things (IoT), meaning people’s homes or vehicles could be upturned by hackers and held for ransom in the near future.
IoT and Ransomware: They’re ‘Not Prepared’
These days, more and more devices like Smart TVs, Smart Cars and Smart Refrigerators are designed to be networkable—but a door can be opened both ways.
It was this message two white hat hackers delivered at a DEFCON 24 security conference in Las Vegas last Saturday, demonstrating their proof-of-concept (PoC) IoT Ransomware.
“It (the thermostat) heats to 99 degrees, and asks for a PIN to unlock which changes every 30 seconds… you need to pay one bitcoin to unlock,” they said.
Since every process within the thermostat application runs with root privileges—like many household devices—no special admin permissions are needed to seize total control of the device.
Not Sci-Fi: Hacker Drones Can Scan Your IoT Home
The announcement was not the first warning sign that the IoT may be highly vulnerable to hacking. Security researchers recently made a drone capable of sniffing out nearby IoT devices.
During an 18 minute flight over Austin, Texas, the drone found nearly 1,600 Internet-connected devices. Not only that, almost all these devices were potentially open for hacking, from door locks to alarm systems and lightbulbs.
At the same DEFCON 24 conference that the IoT Ransomware was displayed, two different researchers showed how easy it was to hack most ‘smart’ locks with less than $200 worth of off-the shelf hardware.
In the end, 12 out of 16 yielded to their low-cost efforts; sometimes by something as simple as changing a byte of code.
How Can I Protect My Devices?
Currently, there are few ways to protect your Smart Devices on the user end, according to speakers at the DEFCON conference. The ball is in the manufacturer’s court to up security or face a possible future wave of home-targeting ransomware.
Backing up your data and systems is still the best defense against ransomware. You can protect your servers and desktops with BackupAssist and insulate yourself from growing ransomware threats like Cryptolocker, Samsam, Stampado and others.