- Fortnite is getting an Avengers Endgame event 3 Years Ago
- The living are facing the end of the world in the latest ‘Game of Thrones’ 3 Years Ago
- Warren’s plan to cancel student debt stimulates the bad-take economy 3 Years Ago
- Video shows Easter Bunny punching man on sidewalk 3 Years Ago
- Twitch streamer inadvertently documents all the times she was sexually, verbally harassed on vacation Today 1:12 PM
- Raptors coach Nick Nurse becomes a relatable meme Today 1:12 PM
- Man wears bandage that blends in with his skin tone, and Twitter has all the feelings Today 12:55 PM
- The 8 best Korean sunscreens to add to your bag Today 12:15 PM
- New ‘Avengers: Endgame’ commercials drop a few big spoilers Today 11:58 AM
- 11 party games for people sick of playing Cards Against Humanity Today 11:45 AM
- Curvy Wife Guy makes the most Curvy Wife Guy pregnancy announcement Today 11:31 AM
- ‘A Fortunate Man’ is a gorgeous, shallow adaptation of a classic novel Today 11:30 AM
- Obama’s ‘Easter worshippers’ tweet upsets conservatives Today 11:04 AM
- Trump responds to impeachment calls: ‘You can’t’ Today 10:43 AM
- Desperate YouTuber goes on ‘holy pilgrimage’ to meet PewDiePie Today 10:33 AM
Thankfully this was just a test.
In theory the internet of things is a sci-fi miracle; with a tap of your phone you can change the temperature of your home, unlock your door, or turn off your lights from a hundred miles away. A pair of white hat hackers would like us to remember that miracles can have a dark side. To make that point they decided to hack a smart thermostat and see if the temperature of your home could be held for ransom. The answer is yes.
Now before you run screaming for the hills, be aware that Andrew Tierney and Ken Munro’s hack required physical access to the thermostat in question to work. These hackers placed an SD card inside the device, which allowed them lock users out of the thermostat.
Rather than showing temperature controls the device’s display was set to say “You Suck! Pay 1 Bitcon to get control back. Due to a lack of security features the thermostat simply ran the files that were on the SD card. It’s a silly oversight, but one that belies the risk of not safeguarding these systems. How long will it be until a wireless device like this proves remotely hackable?
If you’ve ever faced a ransomware attack on your computer you know how helpless it makes you feel to not be able to check your email or use your files. Now imagine an attack that made your house 110 degrees until you paid an anonymous hacker one Bitcoin, or $599.98 USD.
In an interview with Motherboard the hackers explained that their motivation for this test was to show smart device developers they need to be aware of the risks of their products and take precautions to ensure they’re safe. “We don’t have any control over our devices, and don’t really know what they’re doing and how they’re doing it,” Tierney told Motherboard. “And if they start doing something you don’t understand, you don’t really have a way of dealing with it.”
This isn’t a new issue. Munro discovered last year that a Samsung smart fridge was capable of leaking your Gmail password. The trade off of convenience shouldn’t be security, but often in the rush to be first to the market, security does take a backseat. Munro and Tierney aren’t trying to break the system, they just want the people developing it to take precautions to ensure more unscrupulous hackers won’t use convenience to hurt users.
As of now, your smart thermostat is safe. But as our lives become more and more connected to the internet, it’s time we started to wonder if the same risks our computers face could find their way to our smart devices. If our computers are at risk of ransomware, how long before your smart thermostat is?
John-Michael Bond is a tech reporter and culture writer for Daily Dot. A longtime cord-cutter and early adopter, he's an expert on streaming services (Hulu with Live TV), devices (Roku, Amazon Fire), and anime. A former staff writer for TUAW, he's knowledgeable on all things Apple and Android. You can also also find him regularly performing standup comedy in Los Angeles.