At this year’s Def Con edition, a group of British cyber security experts has proved that thermostats in an IoT home can be infected with ransomware just like an ordinary computer.
Security researchers at Pen Test Partners (PTP) declined to disclose the name of the thermostat maker, but there are online demos showing that Nest’s connected thermostats are just as vulnerable.
IoT, or the Internet of Things, is a much-hyped concept which promises higher efficiency, convenience, and productivity, but online security experts say that it has major gaps in security. So expect any IoT home that has a connection to the Internet to be as vulnerable to cyber attacks as any other device connected to the world wide web.
PTP researchers, however, did not only warn about IoT’s vulnerabilities. They also proved them. The demonstration happened in Las Vegas, Nevada at the famed hackers’ conference Def Con. The IT experts managed to infiltrate a smart thermostat via a small, home-cooked piece of code.
The code enabled the researchers to seize the device, lock it up and display a message on its screen demanding a ransom from its owner. One of the researchers explained that IoT devices are more complex than regular appliances, so if the user fails to understand how they work he has no way of dealing with any emerging problems.
Hackers usually resort to ransomware to make easy money from their victims. The cyber criminals take a computer or device ‘hostage’ until the user agrees to pay the ransom. If the user refuses, the seized information is either sold or destroyed. But if hackers get their money they usually never bother you again.
By contrast, hacking a thermostat in a connected home leads to more adverse consequences than having your data stolen. Cyber criminals can play with the temperature in your home until you hand the ransom payment over. Basically, they can make a room so hot that you will literally sweat the money out to make them stop.
Experts believe that hackers can even freeze rooms and pipes and do a lot more damage to connected homes. This can be devastating if the target of the ransomware attack is a hospital or business.
The only reassuring thought is that the two PTP experts needed physical access to the thermostat to do their thing. So, theoretically, your IoT nest is safe unless you allow dubious repairmen to move around in it.