Ransomware has infamously been known as pieces of malware that lock up your computer files, and then demand a ransom, usually in form of Bitcoins or money gram cards, in order to set them free. Over time they have also traversed into the mobile world, infecting Android phones, and even the television set. And just recently, it seems that even things in the so-called 'Internet of Things' are not safe.
Two white hat hackers recently showed off a ransomware that infects a smart thermostat. Andrew Tierney and Ken Munro, who both come from a security company called Pen Test Partners, demonstrated this during a hacking conference called Def Con last Saturday.
The two demonstrated this by exploiting a bug in the thermostat's system, but they did not publicly state which one, as this has not been disclosed to the thermostat's maker just yet to get it patched. The thermostat they tested has a large LCD screen, and has an SD card slot, which allows anyone to customize the device's settings and wallpaper.
Through this, the hackers found out that the thermostat does not check the files running and executing on it. According to their experiment, this then would allow any cybercriminal to load malware into the thermostat, by disguising it as a picture or another innocent-looking file.
Despite this possibility, Munro and Tierney admit that this act is not easy to pull off, as it would require people to actively download and transfer malware on their thermostats. However, with the idea that people can easily transfer malware into their devices by downloading innocent-looking apps still makes this situation very likely to happen in the near future.
“You're not just buying [Internet of Things] gear,” Tierney stated. “You're inviting people on your network and you have no idea what these things do.”
While we still have yet to see where this crypto-malware travels next, it is best to stay safe on the internet, by being wary of the items we download and open.