Security

Gold-digging hackers will seize your smart home heating

By Kitty Knowles 10 August 2016
Feeling cold? Pic: iStock/VikaValter
Summary

Would you rather boil or freeze?

Whether it’s dodgy pet food dispensers starving our puppies, or connected TV’s that can’t change channel, smart homes can quickly turn into smart hell.

The world of connected devices – the so-called ‘Internet of Things’ – is in its infancy, and like a toddler, it’s been toppling over a lot.

But the kind of glitch that might annoy you on your smartphone, can make life unbearable when it’s in your home.

In March, for example, we learned that dozens of people were forced to live in mini saunas after Hive, one of Britain’s most popular internet-connected thermostats, went wrong and turned the dial up to 32°c.

And as we move towards a world where everything in our lives is run online, we – the consumer – are putting ourselves more at risk – not just from bugs, but hackers too.

Hackers will target your smart home

Today hackers commonly target regular folk with click-through website links or email scams. These give criminals access to your computer, your logins – and ultimately – your bank account.

It’s usually big companies that fall foul of ‘ransomware’ – hackers who directly seize control of an online system until they receive a payout.

Soon though we will all become the targets of these gold-digging crooks, and it’s your smart home that they’ll take ransom.

Pic: Ken Munro.

Payout for control

This weekend, two white hat hackers (researchers without any ill intention) showed off the first-ever ransomware to work against a smart device.

Andrew Tierney and Ken Munro took control of a smart heating system and posted a message demanding payment in bitcoin.

In theory, until this is paid, a customer would have no control over the temperature in their house.

“We don’t have any control over our devices, and don’t really know what they’re doing and how they’re doing it,” Tierney told Motherboard. “And if they start doing something you don’t understand, you don’t really have a way of dealing with it.”

You may as well decide now: would you prefer to boil, or freeze?

Homes held to ransom

Tierney and Munro, who work for UK security firm Pen Test Partners, unveiled their malware at the Def Con conference, Las Vegas.

They were met with bleak humour on Twitter:

This breach goes to show that the ‘Internet of Things’ is currently too lax in their safeguarding.

Yes, innovation like Philips’ connected Hue Go lights, and smart security devices from Sherlock, MyFox and Cocoon are inspiring.

Yes, they can be convenient, and can add a touch of class or “cool”.

But let’s not forget our homes are our most valuable asset. When you upgrade yours, you risk being held to ransom.

Read more: The smart home freak show stops here

Read more: Hive customers hot up in 32°C heatwave glitch

Read more: Why cats hate the Internet of Things