A few years back, the IoT technology sounded more like some futuristic science fiction movie scenario. But today, the Internet of Things (IoT) is becoming an inseparable part of the contemporary household. Even the daily electronics, such as coffee machines, refrigerators, cars and building facilities are now connected and controlled via the Internet. Unfortunately, where’s connectivity, there are always some evil-minded individuals that seek to gain profit from the unsuspecting users.
In the DEF CON security conference that took place at the beginning of August, the security researchers have proven how easy it is to hack devices such as thermostats that can be found in most American homes. A “smart”, touchscreen climate control device was chosen for the inspection. After analyzing the selected SD card used for storing user’s custom wallpapers, the researchers were quick to find a vulnerability in the setup of the thermostat’s system. This weakness allowed them to gain administrative privileges and install a demo version of a ransomware on the device. After that, the researchers were able to mess with the levels of the room temperature, exposing the supposed victims to an extreme heat or cold. In a real situation, the settings would not be changed back until the victims pays a ransom to get back the control.
Although this was a simulated experiment, such an easy take-over of a relatively simple device only suggest that it is just a matter of time when incidents like that start to occur in real life. Besides, there are more serious areas that can be affected. For instance, already in 2013, a similar experiment has been conducted, the only difference was that instead of the thermostat, the researchers used cars. The “hackers” managed to honk the car’s horn, mess with the seat belt and even disable brakes or take over the control of the steering wheel. Frankly, the control of this vehicle was solely in the hands of hackers.
Having in mind the rapid development of the IoT technology, the possibilities of the potential wrongdoings seem infinite. We, as representatives of the cyber security community, urge you to invest in the protection of your home network and demand a more security-oriented attitude from the manufacturers of various devices and other technologies that surround you every day.