A timeless watch - ransomware on IoT devices

Presented at VB2015, Sept. 30, 2015, 11:30 a.m. (30 minutes)

The class of crypto threats has been responsible for the majority of ransomware-related incidents in 2015. Encrypting the files of the victim with an individual encryption key and then asking for money has been a very profitable schema for the attackers. In August 2015 we saw that ransomware can even infect *Android* smart watches. *Android Wear* devices are designed to be paired with a more function-rich device such as an *Android* phone or tablet. Once the malicious app is installed on the smartphone the threat gets automatically pushed from the mobile device onto the *Android Wear* smartwatch. In our demo we will show a *Moto 360* smartwatch getting infected with an Android.Simplocker variant. After the ransomware is executed, it causes the smartwatch to become generally unusable. Simplocker has a routine that checks for the display of the ransom message every second, and if it is not shown, it will push it onto the screen again. This activity prevents the owner from using the device properly. Removing the ransomware is not trivial, as the factory reset option is only accessible through the watch menu, which is not accessible while Simplocker is running, and there are no USB ports available. With all the recent news around IoT devices, specifically around hacked IoT devices, including cars, smart TVs, wearables and medical devices, the smartwatch is just one example scenario where ransomware might play a role in the future. IoT devices like smartwatches are becoming more popular and we expect more devices to become available within the next 12 months. One of the first questions to be raised when talking about attacks against IoT devices is: Why would they attack an IoT device? We know from the past that financial gain is one of the biggest motivators for cybercriminals and we think that ransomware is one of the obvious methods for attackers to gain profits from IoT devices. In this talk we will discuss IoT ransomware scenarios that we have seen and some that we expect to appear in the future. We will be analysing the practicality and difficulties of such attacks. We will highlight mitigation strategies to protect against them and show that removing a threat from an IoT device is difficult.

Presenters:

• Candid Wueest - Symantec

Links:

• https://www.virusbulletin.com/conference/vb2015/abstracts/timeless-watch-ransomware-iot-devices

Similar Presentations:

• BSides Austin 2017 / Defending against ransomware: You already have the capability, why are we not using it? This method stopped our attacks cold. Now let me show you how to do it. And it’s FREE, you don’t have to purchase anything.
• THOTCON 0xA (2019) / When Refrigerators Attack - Defending (and weaponizing) IoT
• TROOPERS17 (2017) / What happened to your home? IoT Hacking and Forensic with 0-day