Posted on 12/19/2020 2:16:23 PM PST by TigerLikesRoosterNew
Researchers show no IoT device is too small to fall victim to ransomware techniques.
There's no question that ransomware has become one of the most feared (and loathed) cybersecurity attack types. The idea of your critical data sitting on your hard drives yet inaccessible is, frankly, terrifying. And a new study shows it could get much, much worse.
You know that cup of coffee that's pretty much the only thing that can get you out of bed most mornings? Well, some eye-opening ransomware research came out with the announcement of a proof-of-concept ransomware attack on a coffee maker. Losing access to critical data is one thing. Losing access to coffee is, as Vizzini said in "Princess Bride," "Inconceivable!"
But coffee makers may only be the tip of the inconceivable ransomware iceberg.
"I think the important thing to remember is that these issues are not new, but there are new tools to access these issues and to leverage them and to exploit them," says Kiersten Todt, managing director of the Cyber Readiness Institute. She points out that giving yourself the ability to control Internet of Things (IoT) systems from 3,000 miles away gives others the same ability. And those IoT systems can extend far beyond caffeine delivery. While the infamous Target attack of 2013 took criminals from an HVAC contractor to Target's customer database, modern converged IT/OT systems can easily see lateral movement in the other direction.
And, as Terence Jackson, CISO at Thycotic, says, "I would say you wouldn't want to see your connected refrigerator or HVAC system 'ransomwared.' That would be a disaster."
While the idea of lateral movement between IT and OT systems in the enterprise could be disastrous, the current work-from-home environment means that attacks against residential IoT systems could have a significant impact on productivity -- or even become entry points for attacks against enterprise assets.
Some employees may not be a good understanding of precisely how great the risk might be.
"Going through our daily lives where we buy connected devices and don't even know [it], it can certainly create some risk and more than some inconvenience in a scenarios like ransomware hitting them," explains Brandon Hoffman, CISO at Netenrich.
Those connected systems can extend from coffee makers and refrigerators to physical security systems and environmental controls. And as the weather changes with the seasons, "I can't really work around my home thermostat as there is no way to manually run the heat or air conditioner," says Oliver Tavakoli, CTO at Vectra.
Is it affected by ramsomware?
I prefer my Stainless Steel French Press.
Most of these IoT thingys need a reset button and a hardwired data link so they can be deprogrammed.
I have never understood the ‘connected’ craze. My PC, and my phone can access the internet. I can turn lights on and off myself, same for the thermostat. What else do I need?
I would prefer that the coffee maker, refrigerator, and toaster, mind their own business, and not plot against me .
This is beyond stupid, seriously how much could you ransom a coffee maker for anyway ?
Just hack all the smart TVs....
Now That would be Entertainment.
Just a suggestion.
I do not buy iOT devices. In the case where the feature is included (landlord provided garage door opener), I never enable it.
I would think that most of these things have a hard reset button that resets everything as long as you have access to the front panel or device. In the case of the thermostaat, I would rip it out of the wall and stick in a 70s vintage round Honeywell before paying ransom.
I have worked in cyber security for 25+ years. I do not allow any IOT devices in my house.
I do not use the carrier’s router/firewall. I build my own (bump for ww-drt) router and use a proxy server (Squid or DansGuardian) to monitor all traffic. Some call me paranoid but as part of my job, I run penetration tests for Banks. I know how weak many of these systems are due to lack of good design much less malicious intent.
Neither Alexis or Siri will ever be invited into my home.
I don’t need a ‘Smart-House’ that spies and tattles on you.
I have no fear for my $18 single cup Mr. Coffee.
Well, it’s useful in some cases like vacation homes. You can make sure the place is locked up remotely after guests leave. Let’s say the place is in a very hot climate. You can kick the air conditioning on 12 hours before you get there, so it’s 72 inside rather than 95. That kind of thing.
Exactly. IMHO makes the best tasting coffee.
Plus it’s fun to make.
A robot controls a family's diet with disturbing exactitude in this 1958 novella by the Hugo and Nebula Award-winning author—with a new forward.
Celebrated author Robert Silverberg was twenty-two years old when he wrote The Iron Chancellor, his second contribution to the pioneering science fiction magazine Galexy. It tells the story of a man who purchases a robot to help himself and his family lose weight. The scheme goes awry as the robot assumes totalitarian control over the household.
My $20 coffee maker has an on-off switch. That’s it. No IoT. No bluetooth. No WiFi. It’s safer than a voting machine.
My choice of instrument as well. Simple, low-tech and exquisite.
It always starts with good intention.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.