Imagine you settle into your favorite couch after a long day, kick your feet up, maybe crack open a beer, and turn on your SmartTV to catch up on Game of Thrones. But instead of Lannisters and dragons, you get a message that your TV has been locked by hackers.
$200 or no Game of Thrones? Now imagine having no lights in your house without paying a small fee, or not being able to drive your car, or run your washing machine.
If you believe Adi Shamir–and you should–this scenario is not far off. “Today ransomware is effecting your PC, and maybe your phone,” Shamir told a large crowd during the The Cryptographer’s Panel at RSA 2015. “Imagine a world where everything is connected to the Internet, like having your Smart TV ‘ransomewared’ and you have to pay someone in Monrovia to get your TV service back.”
It’s a disturbing scenario that the security community is starting to pay more attention to. Gartner estimated in January that by 2020 the world will have 25 billion Internet-connected devices will be in use globally. This figure includes an estimated 250,000 cars with Internet connectivity.
One of the scariest components to the Internet of Things (IoT) threat is the helplessness of it all. Deloitte Partner Ifran Saif held a peer discussion during RSA that enumerated many of the concerns about IoT devices. “The reason why it’s so scary is you can’t control it as an individual,” he said. “[But] it’s also a matter of how these devices get deployed. You can have a perfectly safe device, but security won’t work if it’s not properly deployed.”
Of course the scenarios surrounding IoT security go further than just home consumer products. Imagine, for instance, if the SmartTV scenario at the beginning of this article was instead an X-Ray machine in a hospital. According to Saif, this is already practically a real scenario. “I witnessed a live X-ray machine installed in a hospital that had the [manufacturer’s] default password configured on it,” Saif told the peer group at RSA. “You could just Google it and you’re in.”
During a panel discussion at Georgetown Law last year Palo Alto Networks CSO Rick Howard reinforced the worry. “Ransomware is the future; it’s is going to touch the consumer hard,” he said. “Banks cover credit card fraud. Just wait until [criminals] start poking you for $20 per month.”