
The experts at Pen Test Partners have created a ransomware infecting thermostats


by seo_worker » 2016-08-11 12:53:03



Devices connected to the Internet of Things are very poorly protected from hacking, and this is a well-known fact. We have already talked about cases of hacking of smart coffee machines and kettles. But, it would seem, how dangerous can hacking a TV or a coffee maker be? Researchers Ken Munro and Andrew Tierney from the British firm Pen Test Partners have demonstrated that the vulnerability of IoT devices can bring cyber criminals benefit. The experts have created extortion malware that infects thermostats.

At DEF CON in Las Vegas, Munro and Tierney demonstrated proof-of-concept ransomware created to attack smart thermostats. As the target of their hack, the experts chose a device with a large display, which runs a modified version of Linux and has an SD card slot that allows users to load custom wallpaper. The researchers do not name either the manufacturer or the model.

The researchers say that the IoT device does not check which files are loaded onto it or what it runs. Moreover, almost all of the thermostat's processes run with root privileges, which only made the researchers' task easier. Munro and Tierney uploaded a 7 MB JavaScript file to the device, which made a request to the SQL database and made Linux perform a series of commands.

Quote: "It brings the temperature up to 99 degrees [37.2 Celsius], and then asks for a PIN code to unlock, which changes every 30 seconds. We hooked up an IRC bot: the executable file accesses the channel and uses the [device's] MAC address as an identifier. To unlock the device, you need to pay a ransom in bitcoin," said Andrew Tierney.



In this case, to plant the ransomware on the thermostat, the researchers used a specific vulnerability in the device, but refused to disclose details about the bug, as they have not reported the problem to the manufacturer.

The researchers acknowledge that the attack shown at the conference is far from ideal. At present, hacking the thermostat requires either physical access to the device or somehow convincing the device owner to upload a malicious file. However, Munro and Tierney explained that they came up with this attack scheme in literally one evening while getting ready for the conference, so they didn't have time to refine the attack.

Quote: "You don't just buy an IoT device, you invite people onto your network, having no idea what this thing can do," warns Andrew Tierney, speaking about the insecurity of IoT devices as a whole.