First Ever Ransomware Hack Attack on a Thermostat

The ransomware message that Tierney and Munro were able to display on the vulnerable thermostat. (Image: Ken Munro)

Are you continuously facing ransom to unlock your laptop or mobile device? Well, these malicious locks on your devices might leave you feeling a little cold, or hot, depending on what season you’re in. Theoretically, your home or business “smart” thermostat could turn against you. Currently, in the zenith of internet connected devices and ransomware, hypothetical dangers are increasingly becoming a shocking reality.

Last week, two white hat technicians simulated what could happen if someone with ill intentions plotted to infiltrate your everyday smart devices, in this instance, a thermostat. The two researchers, Andrew Tierney and Ken Munro who performed the hack, aimed to make a point that there is a reality to the concept of our simple devices faltering when it comes to secure precautions of our network.

“We don’t have any control over our devices, and don’t really know what they’re doing and how they’re doing it,” Tierney told Motherboard. “And if they start doing something you don’t understand, you don’t really have a way of dealing with it.”

The thermostat ransomware act was demonstrated at a hacking conference, Def Con and raised eyebrows of those who were initially denying the possibility of it ever being a possibility. Although the actual hack would be an extremely difficult heist to pull, the hack would completely paralyze your thermostat leaving it at a temperature least likely to be desired.
In the demonstration, the researchers noted there would need to be a physical presence and SD card chip inserted into the device in order for the thermostat to be deemed inoperable. For the time being, it makes this hack very unlikely of happening in your home, but raises more questions as to why are we making these devices vulnerable enough to be controlled maliciously, and moreover, these “smart devices” connected to your WiFi represent an even bigger danger lurking in blindsided access points.