Got a smart thermostat? That may not be a good thing. At DEF CON earlier this month, hackers demonstrated how incredibly easy it is to hack a WiFi thermostat, taking advantage of heating, ventilation, and cooling systems in return for ransom. No longer a hypothetical “what if,” someone with the knowledge could quite literally break into these systems and melt or freeze the occupants until a ransom is paid to obtain a PIN to unlock it. If your thermostat runs a modified version of Linux, has a large LCD screen, and also an SD card, you’re up.
The various hacks are pretty brutal — consider this: your heater set to 99 degrees until you pay up. Or — even worse, blasting heat and cold air at the same time so that you “bleed money for the utility bill” until you give them what they want so that they give up (but will they?).
The example was shown on a thermostat that had local SD storage, indicating that hackers needed physical access to the device. But there could be other ways to break in, especially becasue the software is not sophisticated enough for the device’s OS to discern between legitimate pictures (or similar supported files) and malware disguised as one.
We’re in for trouble. With IoT gaining steam, we’re also giving the determined hacker the opportunity to break into far more systems than ever thought possible. From TVs to energy grids to fictional (for now) smart cars, our growing Internet landscape is rife for hackers to get their hands dirty (and make some cash in the process).
Your IoT devices may seem cool and you may look to be one of the coolest people on the block, but it’s just another hole for hackers to access–a playground for your remote friends. Hackers will eventually get in.
It’s up to the manufacturers to be mindful of the potential breaches these new devices create–and patch them as soon as possible. Zero day exploits need zero day resolution. Our lives depend on it.