A perfect cybercrime storm is brewing, and two of the main ingredients are ransomware and the Internet of Things.
Cybercrime has become an industry with all the operational trappings of any legitimate sector, McAfee Labs noted in its five-year threat review released earlier this month. It has its own supply chain, market segments, service providers, and finance and trading systems. It has its own business models.
On the other hand, the Internet of Things is young, McAfee pointed out. Smart device hacks and data breaches are just beginning to make headlines, and the insecurity of many connected gadgets is raising alarms.
Given the resources and capabilities of cybercrime operators and the relative unsophistication of IoT device security, one trend in particular is ominous. Ransomware is on a tear.
The number of ransomware samples identified grew 127 percent from Q2 2014 to Q2 2015, McAfee Labs noted in its report.
Ransomware on the PC — where malware locks down a computer until the user pays the hackers a couple of hundred bucks or the equivalent thereof in bitcoins — has been rife for some time, and it’s coming soon to the Internet of Things, warns a recent Symantec security report.
To demonstrate the risk potential, Symantec researchers infected a Moto 360 smartwatch with the Android Simplocker ransomware, causing the smartwatch to become unusable.
Simplocker has a routine that checks for the display of the ransom message every second, which prevented the smartwatch from functioning.
The malware also encrypted several files stored on the smartwatch’s SD card.
“It’s very plausible that we’ll see ransomware on smart TVs, routers or any other smart devices in the future,” said Candid Wueest, principal threat researcher at Symantec.
How Symantec Infected the Smartwatch
Symantec researchers first repackaged the Simplocker .apk file in Android Wear to create a new .apk file.
They then paired the Moto 360 smartwatch with an Android phone and installed the new .apk file on the smartphone.
The phone pushed the ransomware to the smartwatch, where a ruse can trick the owner into running it.
So far, Symantec has not seen any ransomware in the wild targeting smartwatches, but that could change.
The Apple Watch is safe, for now, because it “will not allow any unknown application to run,” Wueest told TechNewsWorld, but “it’s possible malware will be on Apple Watches in the future through the exploitation of vulnerabilities.”
It was possible to uninstall Simplocker from the infected smartphone paired with the affected Moto 360, Symantec found. That would remove the malware from the smartwatch as well.
Another option for getting rid of the ransomware would be to reset the phone and the smartwatch to their factory settings.
Safety Tips for Android Smartwatch Owners
Users should avoid installing apps from unknown or untrusted sources, Symantec said.
They should check permissions when installing apps to make sure they’re appropriate. For example, games don’t need to access users’ contacts lists.
Users also should install security software on their mobile devices, keep software up to date, and back up important data frequently, Symantec advised.
“Symantec is working with vendors and other researchers to … implement devices with trusted root, where only signed code can run, and where security was included from the beginning of the design process,” Wueest said.
Attacking the Smart Home
It’s possible that malware or ransomware could target smart home devices, which increasingly are being tied to smartphones.
Symantec earlier this year analyzed 50 smart home devices available on the market and found their security was sadly lacking.
The devices had most, if not all, of the Open Web Application Security Project’s Internet of Things Top Ten vulnerabilities, Symantec said.
Among the findings: Of the mobile apps used to control IoT devices, about 19 percent of those tested did not use SSL connections to the cloud; none of the analyzed devices provided mutual authentication between the client and the server; some devices offered no enforcement of strong passwords and often no possibility of using them; and Symantec easily found 10 security issues in 15 Web portals used to control IoT devices.
An infected smartphone could scan its owner’s home network for vulnerable devices and infect those found with malicious code, Wueest suggested.
Still, hackers are more likely to target IoT devices “in order to disrupt or cause a significant failure as part of an attack right now” than to install ransomware, said Rob Enderle, principal analyst at the Enderle Group.
“There’s just not enough IoT devices in the market, and so little of it is standardized that the return on ransomware wouldn’t be worth the effort,” he explained.
Still, “We’re just at the beginning of what could be a nasty set of national threats and exploits,” Enderle cautioned. “Much of what’s going on isn’t being reported … and we think we’re far more secure than we really are.”