A timeless watch — ransomware on IoT devices

Wednesday 30 September 11:30 - 12:00, Small talks

Candid Wueest (Symantec)

Crypto threats have been the class of ransomware responsible for the majority of ransomware-related incidents in 2015. Encrypting the victim's files with an individual encryption key and then asking for money has been a very profitable scheme for the attackers.

In August 2015 we saw that ransomware can even infect Android smartwatches. Android Wear devices are designed to be paired with a more function-rich device such as an Android phone or tablet. Once the malicious app is installed on the smartphone, the threat is automatically pushed from the mobile device onto the Android Wear smartwatch. In our demo we will show a Moto 360 smartwatch getting infected with an Android.Simplocker variant. After the ransomware is executed, it causes the smartwatch to become generally unusable. Simplocker has a routine that checks every second whether the ransom message is displayed, and if it is not shown, it pushes it onto the screen again. This activity prevents the owner from using the device properly. Removing the ransomware is not trivial, as the factory reset option is only accessible through the watch menu, which cannot be reached while Simplocker is running, and there are no USB ports available.

With all the recent news around IoT devices, specifically around hacked IoT devices, including cars, smart TVs, wearables and medical devices, the smartwatch is just one example scenario where ransomware might play a role in the future. IoT devices like smartwatches are becoming more popular and we expect more devices to become available within the next 12 months.

One of the first questions to be raised when talking about attacks against IoT devices is: why would attackers target an IoT device? We know from the past that financial gain is one of the biggest motivators for cybercriminals, and we think that ransomware is one of the obvious methods for attackers to profit from IoT devices.

In this talk we will discuss IoT ransomware scenarios that we have seen and some that we expect to appear in the future. We will be analysing the practicality and difficulties of such attacks. We will highlight mitigation strategies to protect against them and show that removing a threat from an IoT device is difficult.
