Aug 09, 2016

How much of a security problem Is ransomware for IoT?

How serious of an issue is ransomware for IoT (internet of things) enabled devices? Is this something to worry about, or is it one of those “maybe possibly theoretically it could be an issue” type things?
It's not a huge problem....yet. However, it's not just hypothetical. At DEF COM two "white hat" hackers showed that it was possible to install ransomware on a smart thermostat. It wasn't easy, and there aren't enough smart thermostats on the market to make it a very attractive target, but it can be done.

More details:
"This is no longer a hypothetical attack; two hackers showed off the first proof-of-concept ransomware for smart thermostats; an attacker could set any temperature to try to melt or freeze the occupants until the ransom is paid. This first ransomware locked the temperate at 99 degrees until the owner paid a ransom to obtain a PIN which would unlock it.

Andrew Tierney and Ken Munro of PenTest Partners demonstrated the smart thermostat ransomware at DEF CON. It only took them a few days to hack the thermostat, and this was right before the security conference, so they would not reveal the manufacturer until they could report the vulnerability to the company. This particular IoT thermostat runs a modified version of Linux, has a large LCD screen – the better to show the ransom demand – and has an SD card."
Answer this