
Will Your Thermostat Be The Next Device Held For Ransom?

September 12, 2016 | May 25th, 2021 | Blog, Cybersecurity

An interesting and disturbing new form of ransomware was on display at this year’s Def Con convention in Las Vegas. So far as anyone knows, this is the first proof-of-concept ransomware that targets smart thermostats. Yes, you read that correctly. The new ransomware is specifically designed to target smart thermostats.

Various security experts have been warning for years that not nearly enough attention was being paid to security where the Internet of Things is concerned, and this latest demonstration puts the exclamation point at the end of that sentence. The hackers were amazed at how easy it was to set up and execute the hack, comparing it to breaking into a Linux box from the 1990s riddled with security holes.

This demonstration was performed as a local hack, meaning the hackers had to have physical access to the thermostat in question. Once performed, it gave them root-level control over the device, allowing them to run both the heat and the AC simultaneously, or turn the heat up to 99 degrees and leave it running constantly, while displaying a message that the unit had been compromised and instructing the owner to pay one Bitcoin to regain control of their system.

In order to prevent the user from regaining control via some other means, the software was designed to generate a PIN that changed every thirty seconds.

Given that this is a local attack, it’s somewhat more difficult to pull off than a remote attack would be, but bear in mind that this is merely the first generation of the software. You can bet that work has already begun on a variant that will allow the attack to be conducted remotely, and given the proliferation of internet-enabled devices, this type of attack is certain to spread. Internet of Things devices are notoriously lacking in security features that come standard on all PCs and smartphones, making them easy targets for any would-be hacker.

If you’re concerned about the state of your company’s digital security, contact us today, and we’ll have one of our knowledgeable staff members contact you to see how we can help.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and supportive team is the ultimate key to success. In his more than 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMware VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.