- May 6, 2017
- Posted by: Kerry Tomlinson, Archer News
“It’s simple,” an experts says, and voice-controlled microwaves could be a future target.
It may not be President Donald Trump’s worst nightmare, but it would certainly set off a flurry of angry tweets.
Trump’s television, playing a former President Barack Obama speech over and over again, no matter how many times the president tries to turn it off.
Pay up, or you’ll see and hear your nemesis—and applause for his words—forever, the ransom note might say.
A cybersecurity company demonstrated how easy it is for malicious hackers to get into people’s home systems and hold their televisions hostage—as well as any info or pictures on their computers—at the Collision Conference in New Orleans this week.
“Now he’s going to have complete control,” Avast CEO Vince Steckler told the audience as one of his white hat hackers took over the device from a laptop on stage.
“He can’t hack the microwave yet, but he can definitely hack the TV, what you see here,” Steckler added. “It’s simple.”
Hacked TV shows former President Obama speech on stage during hacking demonstration at 2017 Collision Conference in New Orleans. Image via: binate.io
What does it mean for you?
First, get ready for the time when you see a ransom demand pop up on your TV screen.
Some attackers will leave a way for you to fix the issue, but others will take over your device for good, Steckler said.
“If it’s an Android TV, it’s not cheap. It’s going to be about a thousand dollars,” he said in an interview. “If it got hijacked, would I pay a hundred dollars to ransom it? Probably so.”
Hacked TV shows ransom note at 2017 Collision Conference in New Orleans. Image via: binate.io
Second, get ready for the bad guys to go beyond the TV. Once they’re in your system, why stop there?
Steckler described a similar attack through a baby monitor connected to the Internet.
“You break in through the baby cam. The baby cam then takes control of the hot water pot, starts boiling water, starts making coffee,” he said to Archer News. “Then it goes to the disk drive and encrypts all the files and asks you to pay money to get them back.”
You’ve made hot water. And you are definitely in it.
Baby pictures—and any other valuable files you have—about to be obliterated unless you pay up, or find some sort of ransomware cure.
“What’s the harm?”
Part of the problem, according to Steckler, is that people are often concerned about security for their computers or phones, but not for smart devices in their homes, like lights, locks, fridges, security cameras and thermostats.
He cited a survey showing that 85% of people said they cared about computer security, but only 13% said they cared about smart device security.
“What’s the security risk of a smart light? Okay, a bad guy can turn the light on on me. But what’s really the harm? I can just go turn it off,” he explained.
But one of the big risks is that attackers will use the weak security in your smart device to get to the good stuff that you’re willing to pay for to get back.
“A coffee machine maker cares that the machine makes good coffee,” he said. “They’re not security experts. Most of these devices just are wide open on the security side.”
Who has them?
One in five people in America have at least one smart thing in their home other than a computer, phone or tablet, Steckler said.
About 15% have a smart thermostat, and about one in ten have a smart refrigerator, with the numbers going up.
“As that goes up, then it becomes more opportune for thieves to target them,” Steckler said. “And the popular thing to do these days is ransomware because you can more directly monetize it.”
How they got in
The onstage hacker at Collision did not actually get in through the TV.
He cracked the password on the home router, and got in to all the smart goodies inside, including the television.
“The routers all come with a default username and password. Very few people change them. When they do change them, they usually change them to something that’s easily cracked,” he said. “We just pounded the router with all of the common passwords and cracked it.”
Avast checked New Orleans before the presentation and said 60% of home routers in the city “can be easily cracked from the outside.”
White hat hacker with Avast shows how he cracked a router password at the 2017 Collision Conference in New Orleans. Image via: binate.io
What can you do?
You already know some of the ways to stay safer.
Change the default username and password on your home router, and change them to something complex.
Before you buy a router, check up on how secure it is.
If you already have a router, you can read online about its security and vulnerabilities.
And be aware that when you connect some new, convenient smart device in your home, you may also be giving convenient access to the bad guys.
“What people got to think about is, ‘How valuable is what I have on my computer? How much are those ten years of baby pictures?’ Or, ‘Do I have a backup?’” Steckler said.
“That’s really what the hackers target in consumers. They just want bank information. They want identity information. Or they want to disable your access to things that you feel you need, such as pictures or your data on your computer or your TV.”
Steckler has a wish list, too.
It includes education and awareness, so you can stay up-to-date on the threats that could affect you.
It also asks for companies making the connected devices to design them to be secure, instead of just leaving them open to malicious hackers.
And it calls for security standards and collaboration among all the companies, agencies and people involved in designing, making, securing and using smart devices.
“There’s no set of standards. There’s no minimum requirements about what you need for security,” he said.
TV hacking demonstration at 2017 Collision Conference in New Orleans. Image via: binate.io
Voice control microwaves
Your connected coffee maker may soon ask for a payment method so it can automatically order coffee pods when you run low.
Your microwave may soon have voice control so you can simply say “two minutes and twenty seconds” instead of having to type it in on the keypad.
That means crooks will be able to suck out your credit card number as you remotely brew an espresso.
And, yes, spy on you through the voice control microphone on your microwave.
That cooperation to come up with security standards and an industry security framework—and stick to them—will be even more crucial, according to Steckler.
“If we don’t do that, then we should all be insanely afraid of our microwaves in the future,” he said.