Hackers demonstrated first ransomware for IoT thermostats at DEF CON
Oh goody, a hacker could crank up the temperature of a smart thermostat to a sweltering 99 degrees and leave the IoT device like that until its owner pays a ransom to regain control.
This is no longer a hypothetical attack; two hackers showed off the first proof-of-concept ransomware for smart thermostats; an attacker could set any temperature to try to melt or freeze the occupants until the ransom is paid. This first ransomware locked the temperate at 99 degrees until the owner paid a ransom to obtain a PIN which would unlock it.
Andrew Tierney and Ken Munro of PenTest Partners demonstrated the smart thermostat ransomware at DEF CON. It only took them a few days to hack the thermostat, and this was right before the security conference, so they would not reveal the manufacturer until they could report the vulnerability to the company. This particular IoT thermostat runs a modified version of Linux, has a large LCD screen – the better to show the ransom demand – and has an SD card.
To read this article in full or to leave a comment, please click here