Trying on Ransomwear For Size
Turning up the heat

No, this is not a typo. I recently saw a story on LinkedIn about a dress that changes its look to match your shoes. This new Amazing Technicolor Dreamcoat is intriguing, and it offers broad application from the fashion industry (designer downloads) to the military (real-time camouflage), and beyond. Of course, I immediately went to the joke: new ransomware (i.e., ransomwear) with a threat to turn the dress transparent at the most inopportune moment! Ha, ha.

Like with anything cyber, this is no joke. I started thinking about other areas where ransomwear has a much greater impact than mooning your boss at the next executive staff meeting. For example, the other day I noticed my friend's hearing aids on a WiFi scan. I asked him about them, and he said that he downloads new sound profiles automatically. Cool. The ransomwear implications for a hearing aid are pretty predictable: "pay up, or you won't be able to hear."

I realize that we've been talking about these types of devices as part of the #IoTSecurity discussion for quite a while. Everyone talks about the risk of a pacemaker hack as the prime example. However, unlike regulated medical devices, this is a special case of IoT, where people are wearing commercially available connected devices, depending upon them all day long, and there is limited guidance on how to manage the risk.

Sure, going without a hearing aid for a while, or having to wear your coat in the office, is not the end of the world. What is very near the end of the world is losing a loved one. As a hypothetical example, a friend of mine recently bought her 93-year-old Dad a smartwatch. The purpose of the smartwatch is to automatically alert my friend and 911 when her Dad falls. It doesn't take much of an imagination to think of a potentially deadly ransomwear attack where the alert message (including Dad's location) is held ransom.

I have not looked into the mechanics of hacking the smartwatch in this way. Still, I'm very concerned that if I came up with this scenario, I can only imagine the scenarios that more knowledgeable - and nefarious - people are developing. I would love to hear from my connections on the likelihood of this type of attack, and if there are any movements afoot to prepare for the rise of ransomwear.


Anne Ferrando-Klemet

Industrial Controls Cybersecurity Engineer / Musician

5 years ago

I agree that likelihood plays a big part in this type of attack. For me likelihood starts with - how well-known are you and how many enemies or just people looking to make an example out of you - do you have? (Although ransomwear might have a couple other caveats that have to do with body image perception by others.) If I'm not really well-known and generally don't have people looking to do me harm - probably not likely. If I'm a famous person, or an infamous person (not just celebrities but government officials, heads of companies, etc.), well then perhaps a singular attack is more likely. Where I think the likelihood goes up exponentially is in your example of real-time camouflage in a military application. If I'm a country waging a ground war, being able to clearly see my enemy by turning their uniforms some color that will stick out - neon pink perhaps - then I have an advantage. It's the potential for hacking a group where I believe the threat is more likely. But I am also curious to hear others' thoughts.


More articles by Ted Ritter, CISSP
