- Southwest Airlines passengers receive free Nintendo Switch consoles and Mario Maker 2 Wednesday 9:10 PM
- The Deplorable Choir drops diss track aimed at 4 congresswomen from Trump’s racist tweets Wednesday 8:09 PM
- Florida city is pushing homeless people out by playing ‘Baby Shark’ on a loop Wednesday 7:27 PM
- A ‘Gossip Girl’ reboot is coming to HBO Max–and fans are not happy with the casting details Wednesday 6:44 PM
- Beto can’t leverage his slave owner ancestry to gain Black voters’ trust Wednesday 5:51 PM
- Oakland to become the third U.S. city to ban facial recognition Wednesday 5:50 PM
- ‘Release the Snyder Cut’ billboards pop up outside of San Diego Comic-Con Wednesday 5:24 PM
- Iggy Azalea and Peppa Pig have an epic Twitter fight Wednesday 4:39 PM
- Should you be concerned about your privacy on FaceApp? Wednesday 4:15 PM
- Google ‘terminates’ Dragonfly, its censored search engine for China Wednesday 3:33 PM
- AOC rips Facebook during Libra House hearing Wednesday 3:14 PM
- The time traveler conversation meme finds its way to TikTok Wednesday 2:52 PM
- Grimes claims she had an ‘experimental’ eye surgery and practices sword fighting Wednesday 2:42 PM
- 70 Border Patrol employees under investigation for posts in secret Facebook group Wednesday 1:45 PM
- Republican’s Operation Safe Return criticized as cover for mass deporation Wednesday 1:42 PM
Thankfully this was just a test.
In theory the internet of things is a sci-fi miracle; with a tap of your phone you can change the temperature of your home, unlock your door, or turn off your lights from a hundred miles away. A pair of white hat hackers would like us to remember that miracles can have a dark side. To make that point they decided to hack a smart thermostat and see if the temperature of your home could be held for ransom. The answer is yes.
Now before you run screaming for the hills, be aware that Andrew Tierney and Ken Munro’s hack required physical access to the thermostat in question to work. These hackers placed an SD card inside the device, which allowed them lock users out of the thermostat.
Rather than showing temperature controls the device’s display was set to say “You Suck! Pay 1 Bitcon to get control back. Due to a lack of security features the thermostat simply ran the files that were on the SD card. It’s a silly oversight, but one that belies the risk of not safeguarding these systems. How long will it be until a wireless device like this proves remotely hackable?
If you’ve ever faced a ransomware attack on your computer you know how helpless it makes you feel to not be able to check your email or use your files. Now imagine an attack that made your house 110 degrees until you paid an anonymous hacker one Bitcoin, or $599.98 USD.
In an interview with Motherboard the hackers explained that their motivation for this test was to show smart device developers they need to be aware of the risks of their products and take precautions to ensure they’re safe. “We don’t have any control over our devices, and don’t really know what they’re doing and how they’re doing it,” Tierney told Motherboard. “And if they start doing something you don’t understand, you don’t really have a way of dealing with it.”
This isn’t a new issue. Munro discovered last year that a Samsung smart fridge was capable of leaking your Gmail password. The trade off of convenience shouldn’t be security, but often in the rush to be first to the market, security does take a backseat. Munro and Tierney aren’t trying to break the system, they just want the people developing it to take precautions to ensure more unscrupulous hackers won’t use convenience to hurt users.
As of now, your smart thermostat is safe. But as our lives become more and more connected to the internet, it’s time we started to wonder if the same risks our computers face could find their way to our smart devices. If our computers are at risk of ransomware, how long before your smart thermostat is?
John-Michael Bond is a tech reporter and culture writer for Daily Dot. A longtime cord-cutter and early adopter, he's an expert on streaming services (Hulu with Live TV), devices (Roku, Amazon Fire), and anime. A former staff writer for TUAW, he's knowledgeable on all things Apple and Android. You can also also find him regularly performing standup comedy in Los Angeles.