I read an interesting article the other day about a talk at DEF CON – Thermostat Ransomware: A Glimpse into the Future of Crime in Cities
It was about how the speakers did a proof of concept of a ransomware infection of a smart thermostat. My first reaction (as a geek) was, “Cool!” Then I started thinking about this. On the surface, the Internet of Things (IoT) is a great idea. It will bring me one step closer to the world of The Jetsons (though I am still waiting for my flying car). Won’t it be great when your toaster, coffee maker and refrigerator can chat?
“I noticed that Joel was having coffee and a bagel for breakfast this morning, Yes, he usually does on Wednesday – I guess that tomorrow, he will want yogurt and blueberries” – at this point, the refrigerator chimes in – “I don’t see any blueberries in here, I guess I better contact AmazonFresh and have them drone in a box.”
You laugh, but I can see Jeff Bezos having this very conversation. I can see this happening in the future (maybe even in my lifetime).The problem is, as wonderful as this may be, the opportunities for abuse stagger the mind.
Going back to our thermostat, my hack would be to set the temperature either very high or very low (depending on the season), then encrypt the device so that it can’t be changed. At this point, I would require a ransom to get it unlocked. A few days of the heat coming up when its 90 degrees outside will send most people to the bitcoin bank to get control back.
Now, messing with your thermostat, while really annoying, is not the end of the world – for about $250, you can replace it and get your house back. Lessons learned, always make sure you change all default passwords, and figure out how to install any updates to your devices that are available.
What worries me is that you can also break into many of the new cars using the WiFi hot spots. I can afford to replace a thermostat, but if someone were to encrypt the brakes on my car, I would have a serious problem – I only hope that the dealer can reload the firmware and will not have to charge me for a new computer system.
As we move forward into the brave new world of The Jetsons (which aired September 23, 1962), we need to make sure that the merger of the real and virtual world does not leave us all standing in the dark saying “Jane, stop this crazy thing.”