Ransomware Threatens IoT Devices

A ransomware attack is one of the scenarios that security experts have been worrying about as use of the Internet of Things widens. Ransomware is malware that installs covertly on a victim’s device, attacks it, and demands a ransom payment to restore it.

Two white hat hackers showed off the first-ever ransomware that works against a “smart” device, in this case a thermostat.

Luckily, according to Motherboard.vice, Andrew Tierney and Ken Munro, the two security researchers who created the ransomware, have no ill intent. They just wanted to make a point: some Internet of Things devices fail to take simple security precautions, leaving users in danger.

Tierney and Munro, who both work at UK-based security firm Pen Test Partners, demonstrated their thermostat ransomware proof-of-concept at the hacking conference Def Con, fulfilling the pessimistic predictions of some people in the security world.

The two took advantage of a bug in a particular thermostat, but declined to reveal which one since they haven’t had a chance to contact the company and get it fixed yet.

The thermostat in question has a large LCD display, runs Linux, and has an SD card that allows users to load custom settings or wallpapers. The researchers found that the thermostat didn’t really check what kind of files it was running and executing. In theory, this would allow a malicious hacker to hide malware in an application or in what looks like a picture and trick users into transferring it to the thermostat, where it would run automatically.

At that point, an evil hacker would have full control of the thermostat, the researchers said.
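The missing check described above, sketched from the defender's side as an added example (not the researchers' or the vendor's code): a loader that accepts a file from the SD card as a wallpaper only if its extension is on an allow-list and its first bytes match that format, and refuses executable content under any name. The function name, verdict values and allow-list are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical loader-side check; names and allow-list are illustrative. */
enum verdict { ACCEPT = 0, REJECT_EXTENSION, REJECT_EXECUTABLE, REJECT_MISMATCH };

struct image_type { const char *ext; const unsigned char *magic; size_t magic_len; };

static const unsigned char PNG_MAGIC[] = { 0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n' };
static const unsigned char JPEG_MAGIC[] = { 0xff, 0xd8, 0xff };
static const struct image_type ALLOWED[] = {
    { ".png",  PNG_MAGIC,  sizeof PNG_MAGIC },
    { ".jpg",  JPEG_MAGIC, sizeof JPEG_MAGIC },
    { ".jpeg", JPEG_MAGIC, sizeof JPEG_MAGIC },
};

static int starts_with(const unsigned char *buf, size_t len, const void *magic, size_t n)
{
    return len >= n && memcmp(buf, magic, n) == 0;
}

/* Case-insensitive match of a file extension against a lower-case table entry. */
static int ext_equals(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == *b) { a++; b++; }
    return *a == '\0' && *b == '\0';
}

/* name: file name as found on the card; head/len: the first bytes read from it. */
enum verdict check_wallpaper(const char *name, const unsigned char *head, size_t len)
{
    const char *ext = strrchr(name, '.');
    size_t i;

    /* ELF binaries and "#!" scripts are refused whatever the file is called. */
    if (starts_with(head, len, "\x7f" "ELF", 4) || starts_with(head, len, "#!", 2))
        return REJECT_EXECUTABLE;
    if (ext == NULL)
        return REJECT_EXTENSION;
    for (i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++) {
        if (!ext_equals(ext, ALLOWED[i].ext))
            continue;
        /* Extension is allowed: the content must really be that format. */
        return starts_with(head, len, ALLOWED[i].magic, ALLOWED[i].magic_len)
                   ? ACCEPT : REJECT_MISMATCH;
    }
    return REJECT_EXTENSION;
}
```

A header check is only one layer: mounting the card with `noexec` and handing accepted files only to an image decoder, never to a shell or program loader, are separate controls.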

“It actually works, it locks the thermostat,” Munro said.

In any case, it’s possible to create ransomware for smart devices such as fridges or thermostats. Moreover, these devices make not just themselves vulnerable to hackers, but also all the devices connected to your WiFi and any other devices connected to it, as they are an entry point into your network.

“You’re not just buying [Internet of Things] gear,” Tierney warned, “you’re inviting people on your network and you have no idea what these things do.”