- How to stream Steelers vs. 49ers in NFL Week 3 action 3 Years Ago
- How to stream Bills vs. Bengals in NFL Week 3 action 3 Years Ago
- Colt halts production of AR-15s for civilians 3 Years Ago
- If you love long-winded, hashtag-heavy Instagram captions, these apps can help Today 2:54 PM
- Teen girls on TikTok have convinced the internet that they eat their tampons Today 2:33 PM
- Twitch streamer faces criticism for trying to defend racist jokes Today 2:03 PM
- How to stream Raiders vs. Vikings in Week 3 Today 12:55 PM
- NRA calls Beto O’Rourke ‘AR-15 salesman of the month’ in wake of buyback proposal Today 12:03 PM
- After 23 deaths, Sean Bean is tired of getting killed on-screen Today 11:48 AM
- Stephen Miller has a girlfriend—and people are stunned Today 11:35 AM
- Mickey Rourke says Robert De Niro iced him out of ‘The Irishman’ Today 11:07 AM
- Conservative men are melting down over Elizabeth Warren’s speech Today 10:40 AM
- People are calling rapper Tekashi 69 a ‘snitch’ for outing gang members Today 10:16 AM
- Greta Thunberg tells Congress to ‘listen to the scientists’ about climate crisis Today 9:55 AM
- Maybe we should start taking Tom DeLonge seriously about UFOs Today 9:11 AM
In theory the internet of things is a sci-fi miracle; with a tap of your phone you can change the temperature of your home, unlock your door, or turn off your lights from a hundred miles away. A pair of white hat hackers would like us to remember that miracles can have a dark side. To make that point they decided to hack a smart thermostat and see if the temperature of your home could be held for ransom. The answer is yes.
Now before you run screaming for the hills, be aware that Andrew Tierney and Ken Munro’s hack required physical access to the thermostat in question to work. These hackers placed an SD card inside the device, which allowed them lock users out of the thermostat.
Rather than showing temperature controls the device’s display was set to say “You Suck! Pay 1 Bitcon to get control back. Due to a lack of security features the thermostat simply ran the files that were on the SD card. It’s a silly oversight, but one that belies the risk of not safeguarding these systems. How long will it be until a wireless device like this proves remotely hackable?
If you’ve ever faced a ransomware attack on your computer you know how helpless it makes you feel to not be able to check your email or use your files. Now imagine an attack that made your house 110 degrees until you paid an anonymous hacker one Bitcoin, or $599.98 USD.
In an interview with Motherboard the hackers explained that their motivation for this test was to show smart device developers they need to be aware of the risks of their products and take precautions to ensure they’re safe. “We don’t have any control over our devices, and don’t really know what they’re doing and how they’re doing it,” Tierney told Motherboard. “And if they start doing something you don’t understand, you don’t really have a way of dealing with it.”
This isn’t a new issue. Munro discovered last year that a Samsung smart fridge was capable of leaking your Gmail password. The trade off of convenience shouldn’t be security, but often in the rush to be first to the market, security does take a backseat. Munro and Tierney aren’t trying to break the system, they just want the people developing it to take precautions to ensure more unscrupulous hackers won’t use convenience to hurt users.
As of now, your smart thermostat is safe. But as our lives become more and more connected to the internet, it’s time we started to wonder if the same risks our computers face could find their way to our smart devices. If our computers are at risk of ransomware, how long before your smart thermostat is?
John-Michael Bond is a tech reporter and culture writer for Daily Dot. A longtime cord-cutter and early adopter, he's an expert on streaming services (Hulu with Live TV), devices (Roku, Amazon Fire), and anime. A former staff writer for TUAW, he's knowledgeable on all things Apple and Android. You can also also find him regularly performing standup comedy in Los Angeles.