Defcon heats up with smart thermometer ransomware

Being hit by ransomware can be devastating and expensive for those affected by the encrypting malware, but it’s not just files and folders that are being targeted by it. As the Internet of Things (IoT) expands into many new connected devices, ransomware is able to go after them too, and smart thermometers are the latest kit found to be vulnerable to such attacks.

Fortunately, this is one of those cases where the researchers proved it as a concept before it was seen in the wild, which at least keeps us a little ahead of the curve. UK-based security researchers Andrew Tierney and Ken Munro demonstrated this potential avenue of attack at the DefCon security conference in Las Vegas this week.

Together they became the first people to apply ransomware to a smart thermometer, which essentially operates like a small Linux box (thanks NextWeb) with a temperature sensor and some networking capabilities. The one in this case is also able to accept wallpapers and config settings from an SD card, which is what Tierney and Munro used to infect it with ransomware.

When enabled, the attack blocked all access to the thermometer’s functionality, covering it in a background which read: “Ha! You Suck! Pay 1 Bitcoin to get control back.” It doesn’t take much of a stretch of the imagination to understand how that might then direct an affected user to send that Bitcoin to a specific address.

Fortunately, putting the ransomware on this IoT device did require physical access to the SD card slot, but once it was infected, it was possible to take control via remote shell and IRC.

That is only the case for this brand and model of thermometer, though. There are many other IoT devices that could potentially be infected remotely, and although this is a proven vector and those are more hypothetical, the potential for ransomware expansion beyond desktops and laptops is very real.

So much so, in fact, that the director of national intelligence, James Clapper, recently warned that IoT devices could be used to monitor people in their own homes.
