• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Holding homes hostage: How the IoT can be used for extortion

Holding homes hostage: How the IoT can be used for extortion

  • Posted on:August 23, 2016
  • Posted in:Industry News, Security
  • Posted by:Christopher Budd (Global Threat Communications)
0
What threats to the IoT pose to users?

The Internet of Things is seen by many as the next great technological leap of this generation. Internet connectivity is all about convenience, and the rapidly lowering prices of the hardware necessary to get online are making it easier than ever to connect just about every object on the market. However, the IoT is still in its early stages, and that means criminals from all around the world are working diligently to break it. 

There is already a major problem of people not taking proper cyber security precautions with devices such as smartphones, and this issue is only going to get worse with the introduction of unconventional connected devices. So where do challenges lie, and what should the average consumer do to overcome them?

Vulnerabilities exist

The number of ways hackers are developing to gain access to IoT devices are just as varied as the number of gadgets out there. Trend Micro researchers have noticed that a lot of these IoT machines rely on outdated protocols such as TCP/IP. This is cause for concern because hackers have had years to devise ways to bend these protocols to their whim. What's more, the operating systems that IoT devices use are generally out of date as well, which simply compounds the problem. 

However, perhaps one of the easiest ways hackers will access IoT machines is due to a lack of proper password protection. As stated, a lot of people have trouble understanding that their smart devices need just as much protection as their computers, and in fact function in very similar ways. To that end, a large portion of the population isn't aware that IoT gadgets often have passwords. 

Much like many other pieces of hardware, certain IoT machines have preprogrammed default passwords to allow workers in the factory to test the device's functionality. When people don't change these passwords, they're opening themselves up to attack. Hackers can very easily find these phrases online – or even guess them – which allows them to gain control over the device's inner workings. 

Hackers have proven they can own these devices

Clearly, there are a lot of security issues within IoT gadgets, but where does the extortion come in? Well, hackers Andrew Tierney and Ken Munro decided to answer this very question at DEFCON 2016. This pair went ahead and developed a method for downloading ransomware on a smart thermometer, the exact brand of which they refuse to disclose. 

Basically, this attack works much like a regular ransomware infection in that the user no longer has direct control over the device. However, the key difference is that instead of encrypting files, this particular piece of malware cranks the heat up to 99 degrees Fahrenheit and literally sweats the victim until they pay a ransom of one bitcoin. To add another layer of misery, Tierney and Munro changed the PIN needed to to unlock the device every 30 seconds.

Although this particular attack was levied via a local SD card slot connection, it certainly could have been pulled off from far away simply by fooling the victim into downloading malware onto the device. What's more, Tierney raised the point that a hacker could also easily sell a used smart thermostat online with the ransomware already present. 

There is hope

Despite all the doom and gloom here, users shouldn't steer clear of the IoT just because it has security vulnerabilities. To begin, quite literally every connected device can be hacked if proper cyber security measures aren't taken. Something as simple as changing the default passwords on your IoT gadgets could easily prevent disaster. 

On the other hand, there's a lot of money going into IoT security research right now. In fact, Gartner expects IoT cybersecurity spending to exceed $547 million by 2018. As the trend's popularity continues, this number will most likely continue to go up, but the point here is that there are people working to make the IoT safer. 

With the increasing number of IoT devices comes the risk of extortion. But, the same could be said with the increase in smartphones or laptops or tablets. Those willing to take the extra steps necessary to protect themselves will most likely be able to avoid a run in with a hacker. 

Related posts:

  1. How Digital Extortion Impacts Today’s Enterprises
  2. Hackers are holding up banks, digitally
  3. Stayed tuned: Smart TV ransomware is just the beginning of IoT extortion
  4. Cyber extortion proves importance of email security

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Trend Micro Asks Students How Their Relationship to the Internet Has Changed During COVID-19
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.