Ransomware and the IoT

During a security conference, a gentleman demonstrated a thermostat that he had compromised to lock out the user for a ransom. He was even able to make the thermostat emit a tone only animals can hear. Imagine your dogs or cats freaking out and you have no idea why!

It is just an example; as many know, it costs less than 1 bitcoin to replace a thermostat, but you get the point!

This is why I really love this comic cover that Joy of Tech created. It really unveils just a few of the possibilities!

http://www.geekculture.com/joyoftech/joyarchives/2340.html They have some rad comics, so please help support them.

A huge way we as the public can stop the illustration from happening is to be a little more cyber savvy about what we buy or connect to the Internet. Many of the devices are not built with security in mind. It’s even basic stuff that is missing, like the ability to change a device’s username and password. Manufacturers could add small features like that, or have the device force the consumer to change the initial password before it will work (which sometimes does generate support calls that have to be staffed). Consumers with that knowledge should not even purchase these devices if they know they aren’t secure, or should take extra steps to secure them (which is usually left to advanced users in the industry).
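Here is a sketch of that "force the consumer to change the initial password for it to work" feature. It is an added example, not code from any real thermostat: the `Thermostat` class, the `admin` factory password and the 10-character minimum are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

FACTORY_PASSWORD = "admin"   # constructed default, not from any real product
MIN_LENGTH = 10              # assumed policy for this example


class SetupRequired(Exception):
    """Raised when a feature is used while the factory password is still set."""


class Thermostat:
    def __init__(self):
        self._salt = None
        self._hash = None        # None means the owner has not set a password yet
        self.target_temp_c = 20

    @property
    def provisioned(self):
        return self._hash is not None

    @staticmethod
    def _derive(password, salt):
        # Store a salted, slow hash rather than the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def login(self, password):
        if not self.provisioned:
            # The factory password only unlocks the setup step below.
            return hmac.compare_digest(password.encode(), FACTORY_PASSWORD.encode())
        return hmac.compare_digest(self._derive(password, self._salt), self._hash)

    def set_password(self, current, new):
        if not self.login(current):
            raise PermissionError("current password incorrect")
        if len(new) < MIN_LENGTH or new == FACTORY_PASSWORD:
            raise ValueError("new password is too short or is the factory default")
        self._salt = os.urandom(16)
        self._hash = self._derive(new, self._salt)

    def set_temperature(self, password, temp_c):
        # Every real feature is gated on the default having been replaced.
        if not self.provisioned:
            raise SetupRequired("change the default password before use")
        if not self.login(password):
            raise PermissionError("bad password")
        self.target_temp_c = temp_c
```

Once the owner has set a password, the factory default stops working entirely, so a device found on the network later cannot be taken over with `admin`.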

Corporate mindsets on the business side also need to realize that risk isn’t just “can I steal a credit card” from Internet-enabled devices. There is a lot of indirect risk beyond the financial. Reputational risk is huge! Part of our mindset should be about due diligence, about being a public steward of safety and security, and about realizing that Internet-connected devices are also computers, sometimes with a web server, that can be:

  • used in an attack
  • used to host child porn
  • used to spy by video and microphone
  • set up as a spam or phishing mail server
  • used to purchase unnecessary items in bulk (ALEXA, ORDER ME 1,000 GALLONS OF TIDE LAUNDRY DETERGENT), and with that picture above
  • used to turn your heater on in the summer and your A/C on in the winter
  • used to blast your least-favorite songs in your media library really, really loudly.

Who knows what else you can be exploited and blackmailed for.

Anyone Bluetooth scanning in your neighborhood?

If you already have devices in your house, don’t brag about them without first locking them down… even then, be a little reserved about it on your social profiles.
