Ransomware on the IoT
First, let me say this – we get other tech newsletters, and a couple of them – one in particular – seem to thrive on scaring people with desperate headlines: DOOM! DOOM! DOOM! We don’t want to be like them, but we do want you to be informed. So today, we are going to give you some information on TNBT – or The Next Big Thing.
The IoT – a clever acronym for the Internet of Things – is creeping into all of our lives, a little bit more every day, from our thermostats, to our toasters, to the locks on our front doors. By 2020 cars will be more like a computer on wheels – but even now, many of your car’s functions are controlled by computers, and some are connected to the IoT.
We are all aware, I think, of what ransomware is and what it can do to our computers. It can lock up our files and make them inaccessible unless we pay the ransom. These ransoms can run into the hundreds of dollars.
But the IoT opens up a whole new world to ransomware creators because the devices on the IoT are designed to be interconnected, but with little or no security – in other words, you can’t install security software on your “Smart” toaster, or your “Smart” thermostat, or the “Smart” locks on your doors. Even scarier are medical devices like pacemakers and insulin pumps, which operate on the IoT and expose the individual using them to the risk of paying a ransom just to stay alive. It’s pretty serious and scary stuff to contemplate.
The Institute for Critical Infrastructure Technology (ICIT) recently published a report entitled “Combatting the ransomware blitzkrieg”, which says:
IoT devices offer a potential growth bed to any ransomware operation because the devices are interconnected by design and many pointedly lack any form of security. A selection of traditional malware will be too large to ever run on a number of IoT devices, but ransomware, predominantly consisting of a few commands and an encryption algorithm, is much lighter. How much do you predict someone would pay to remove ransomware from a pacemaker? The scenario is not too far-fetched; in fact, it is much more deadly. Many medical devices, such as pacemakers, insulin pumps, and other medication dispersion systems are internet or Bluetooth enabled. Ransomware could utilize that open connection to infect the IoT device.
One truth we all already know is: Cybercriminals don’t care who they hurt. So for those using health equipment connected to the IoT, instead of “Your Files Are Locked. Pay $300 to Unlock Them”, the message could be “Pay Up or Die”.
The people who design these IoT connected devices have good intentions. But the struggle between good and evil has gone on since the day man first walked the Earth and technology allows good and bad things to happen faster.
Smart thermostats, refrigerators, washers, dryers, toasters, TVs and cars are all connected to the IoT – and all of them are built with very little security – so they are all targets. And while you may not pay a ransom to get your toaster back, you may pay a ransom to be able to start your car. And worse, with pacemakers and other critical medical “smart” devices connected to the IoT, the ransom may be a life.
The IoT is just beginning to blossom. Our lives are changing and nobody’s sure where all this is going to end up.
I hope that soon, those good people who make our lives easier and better through technology put a lot more emphasis on security – or none of us may ever be able to afford the ransom to get our lives back.
I don’t want to scare you; I just want you to think.
Please let us know what you think.