Everything from connected cars to pacemakers could be at risk.
A new brief from the Institute for Critical Infrastructure Technology, “Combatting the Ransomware Blitzkreig,”offers a dire warning about the future security of the IoT.
A cybersecurity think tank, ICIT says ransomware is almost certainly headed to IoT devices, and the results could be chaotic to downright deadly.
Most people are at least vaguely familiar with ransomware, a form of malware. Once it infects a computer, it locks it down, encrypts all the files it can find, and demands payment — usually by Bitcoin, Western Union or some other untraceable method — for the key needed to unencrypt. If the victim refuses, all the files are permanently wiped.
Ransomware hasn’t had much of a presence on the IoT just yet, but has made the leap to hospital IT systems, and ICIT says the Internet of Things is not far behind.
“IoT devices offer a potential growth bed to any ransomware operation because the devices are interconnected by design and many pointedly lack any form of security. How much do you predict someone would pay to remove ransomware from a pacemaker? Many medical devices, such as pacemakers, insulin pumps, and other medication dispersion systems are internet or Bluetooth enabled. Ransomware could utilize that open connection to infect the IoT device.”
The report goes on to state that it believes ransomware is headed to the IoT because unlike most other forms of malware, it is the only variant small enough and light enough to actually work on them. It consists only of a few commands and an encryption algorithm. Why a connected car that gets infected many not put the driver in any danger, it could cause the owner a lot of grief simply by refusing to turn on until the ransom is paid.
Another form of cyberattack that could hit IoT devices may be one designed to significantly reduce the device’s battery life, which could cause all kinds of havoc depending on the devices targeted, according to ICIT. The one reassurance? Any cybercriminals would have to find a way to contact the device’s owner, which may not be easy through an IoT device — which is another reason why it is critical that device manufacturers secure all user data accessible through their devices.