To prove their theory, cyber security specialists at Pen Test Partners infested a connected thermostat with ransomware. The malicious code locked down the device and displayed the “Ha! You Suck” message on its screen demanding one Bitcoin to let the ‘hostage’ go.
Additionally, hackers said that they could have done a lot more damage if they wanted to. For instance, if you fail to pay the ransom, they can play with environmental temperature in your cozy, connected home. So basically they can heat up the temperature until you sweat that ransom money out of your pockets, or lower temperatures to make living in your home a living hell.
The scenario sounds terrifying but it can happen in the real-world too, experts say. Nevertheless, PTP hackers needed direct access to the thermostat to upload the malicious software. But they were able to build the malware from the code provided by the device’s own maker with the intention of helping users customize a wallpaper.
Hackers warn that although customization is a nice feature it can also open the gates wide to evil-doers. So, ensure that you let your thermostat do its job as a thermostat and use other devices to browse through your digital images.
So far, PTP researchers were able to only demonstrate how to hack a thermostat with immediate access to it. So, your home is secure as long as you don’t allow suspicious repairmen to have a look at your IoT devices.
Black Hat attendees explained that IoT is not as secure as we may think because any Ethernet or Wi-Fi network can be hacked. So, expect many Internet-enabled household objects such as light bulbs to be less secure than their manufacturer states.
And while manufacturers devote more of their time to popularize IoT technologies than to raising security, there are hackers with plenty of time on their hands who seek vulnerabilities in IoT products.
Image Source: Flickr