
The dangers of the IoT: smart thermostats at risk of blackmail ransomware

"Ransomware" is the term for malware that locks a device, software or service and demands that victims pay a ransom to restore encrypted files or unlock blocked devices. The latest potential threat reported by the cybersecurity sector is the discovery that ransomware can be written to infect smart thermostats, or rather to hold them "hostage".

Andrew Tierney and Ken Munro, researchers at British security firm Pen Test Partners, demonstrated this possibility at the DefCon security conference in Las Vegas. The WiFi thermostat the researchers targeted is essentially a small computer running Linux.

The user can load wallpapers and configure settings using an SD memory card. The SD card is the mechanism used to install a malicious application and give the attacker full access to the device.

Obviously, for the attack to succeed, the attacker must have physical access to the device, or the thermostat's owner must be deceived with social engineering techniques into inserting a specially modified memory card into the system.

At the moment it is not clear which specific brand and device the researchers used for their demonstration. The vulnerability was reportedly discovered two days before the start of the conference, and they have not yet had time to prepare the documentation with the details to send to the manufacturer to report the problem.

According to the two, the vulnerability should not be complex to fix. However, the demonstration shows once again the absence of security features in many Internet of Things devices, a problem underestimated by some manufacturers.

There are thousands of products on the market, many of which are vulnerable and never updated by manufacturers. Vulnerable objects range from baby monitors to air conditioners to cars. Everything that connects to the web potentially carries risks.

Manufacturers should commit to developing secure, reliable, upgradeable solutions, rethinking security policies in a coordinated way.

It would be good for users but also for the companies themselves: a good reputation for security could be a key selling point for any IoT solution vendor.
