IMAGINE THIS SCENARIO: You’re on vacation in the beautiful Austrian Alps, heading out for breakfast, but your room’s door won’t open. The hotel uses electronic locks that are connected to a network, making it easier to manage the hotel, while also getting rid of the obsolete analog locks. Only this time, the convenience provided by these electronic locks is a double-edged sword: The technology also enables cyber criminals to hack the locks and demand ransom, usually in the form of cryptocurrency, in return for unlocking the door.
While this scenario sounds hypothetical, last month a fully booked four-star hotel in Austria, Romantik Seehotel Jaegerwirt, was hacked in precisely this way. The hackers demanded the equivalent of 1,500 Euros in bitcoin in exchange for restoring the keys’ functionality, and the hotel decided to pay the ransom.
This incident might be the first documented case of “jackware” or “ransomware of Things” (RoT). Both terms are used to denote malware targeting and disruption of IoT devices, with ransom demanded in exchange for the return of the devices’ normal functioning.
With more devices becoming wired to the global network (including private air-gapped networks), RoT may soon become a pervasive and disruptive phenomenon. It’s time to think about how to address this emerging threat.