Yep, the nasty ransomware has made the leap from computer and smartphones to Internet of Things devices. Turns out these devices are much easier to hack than you think, now we can find our thermostat locked up to 99 degrees and demanding hundreds of dollars in Bitcoins to regain its control.
Two researches (white hat hackers) showed off the first proof-of-concept (PoC) ransomware that infects a smart thermostat. They chose a US thermostat that runs a modified version of Linux, and has an SD card slot to allow users to load custom settings. What they found is that the thermostat didn't really check the files executing on it, which allowed them to load malware into the device, locking the screen and showing a classic ransom note.
However, installing the ransomware requires the hackers to either have physical access to the thermostat or trick the victim into loading malicious files on the device on his own.
As the number of IoT users proliferate, and as the devices become mainstream household appliances, attackers will have a large number of entry points to affect users some or the other way. Thankfully, the researchers said the patch should be easy to deploy.
Source: TNW