Defcon heats up with smart thermometer ransomware

Being hit by ransomware can be devastating and expensive for those affected by the encrypting malware, but it’s not just files and folders that are being targeted by it. As the Internet of Things (IoT) expands into many new connected devices, ransomware is able to go after them too, and smart thermometers are the latest kit found to be vulnerable to such attacks.

Fortunately, this is one of those cases where the researchers proved it as a concept before it was seen in the wild, which at least keeps us a little ahead of the curve. UK-based security researchers Andrew Tierney and Ken Munro demonstrated this potential avenue of attack at the DefCon security conference in Las Vegas this week.

Together they became the first people to apply ransomware to a smart thermometer, which essentially operates like a small Linux box (thanks NextWeb) with a temperature sensor and some networking capabilities. The one in this case is also able to accept wallpapers and config settings from an SD card, which is what Tierney and Munro used to infect it with ransomware.

When enabled, the attack blocked all access to the thermometer’s functionality, covering it in a background which read: “Ha! You Suck! Pay 1 Bitcoin to get control back.” It doesn’t take much of a stretch of the imagination to understand how that might then direct an affected user to send that Bitcoin to a specific address.

Fortunately, putting the ransomware on this IoT device did require physical access to the SD card slot, but once it was infected, it was possible to take control via remote shell and IRC.

That is only the case for this brand and model of thermometer, though. There are many other IoT devices that could potentially be infected remotely, and although this is a proven vector and those are more hypothetical, the potential for ransomware expansion beyond desktops and laptops is very real.

So much so, in fact, that the director of national intelligence, James Clapper, recently warned that IoT devices could be used to monitor people in their own homes.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…