If in this ecosystem we add the latest security issues, then the question is even greater. Yes, and we all know why, two security researchers tested the protection that a simple thermostat can be also used by the hackers to carry out the attacks like ransomware.
Hackers Create First-Ever Ransomware For The Smart Thermostats
The arrival of the Internet to our equipment, day-to-day represents new challenges of security and protection of user data. Hackers are increasingly targeting more the equipments which can be easily used by themselves to achieve further attacks.
If in this ecosystem we add the latest security issues, then the question is even greater. Two researchers have shown here that even a simple thermostat can be attacked and in this case, the attack is ransomware which was done on the victim.
These two security researchers tested the protection that a simple thermostat can be also used by the hackers to carry out the attacks like ransomware and through which they can easily managed to block it, forcing the payment of a “symbolic amount of 1 bitcoin.”
This device, which allows users to change the background image of your display and the configuration of other elements, runs a version of Linux. Failure is the permissions that are given by this equipment, which runs with the root user. There is also a problem which was not yet checked that which type of file does it receive, thus opening the backdoor for the attacker to be attacked.
Within minutes it was possible to run a simple javascript file, hidden in an image and then display the ransom message. As well as the attackers can also control the temperature of the thermostat, like they can increase the temperature or decrease the temperature of their own desire.
The two researchers who discovered this problem admitted that the infection may not be as simple as could be expected. As there is the need for physical access to the equipment, to simply upload the infected image via SD card. After this step, the most difficult of all, it is possible for the attackers to remotely control this thermostat as we mentioned earlier.
After the infection was discovered immediately before being presented, researchers chose to omit the mark of these thermostats. Immediately the company who manufactures the devices has been contacted to solve this problem and protect the equipments against these attacks.
This is just further proof that the Internet of Things (IOT) and all associated equipments need to be well protected against all the security vulnerabilities. As it is a new, where you can still walk to discover how it can be used, but these concerns should be present from the first day.