Lorenzo Franceschi-Bicchierai, writing for Motherboard: One day, your thermostat will get hacked by some cybercriminal hundreds of miles away who will lock it with malware and demand a ransom to get it back to normal, leaving you literally in the cold until you pay up a few hundred dollars. This has been a scenario that security experts have touted as one of the theoretical dangers of the rise of the Internet of Things, internet-connected devices that are often insecure. On Saturday, what sounds like a Mr. Robot plot line came one step closer to being reality, when two white hat hackers showed off the first-ever ransomware that works against a “smart” device, in this case, a thermostat. Luckily, Andrew Tierney and Ken Munro, the two security researchers who created the ransomware, actually have no ill intention. They just wanted to make a point: some Internet of Things devices fail to take simple security precautions, leaving users in danger. “We don’t have any control over our devices, and don’t really know what they’re doing and how they’re doing it, ” Tierney told Motherboard. “And if they start doing something you don’t understand, you don’t really have a way of dealing with it.” Tierney and Munro, who both work UK-based security firm Pen Test Partners, demonstrated their thermostat ransomware proof-of-concept at the hacking conference Def Con on Saturday, fulfilling the pessimistic predictions of some people in security world. Read more of this story at Slashdot.
Original post:
Hackers Make the First-Ever Ransomware For Smart Thermostats
An anonymous reader writes: Washington State has filed a lawsuit against Comcast to the sum of $100 million, accusing Comcast of “engaging in a pattern of deceptive practices.” It claims that Comcast’s documents reveal a pattern of illegally deceiving its own customers for profit. KOMO News reports: “The lawsuit (PDF) alleges more than 1.8 million individual violations of the Washington Consumer Protection Act. The Attorney General’s Office says 500, 000 Washington consumers were affected. The lawsuit also accuses Comcast of violating the Consumer Protection Act to all of its nearly 1.2 million Washington subscribers due to its deceptive ‘Comcast Guarantee, ‘ Ferguson said. The lawsuit accuses Comcast of misleading 500, 000 Washington consumers and deceiving them into paying at least $73 million in subscription fees over the last five years for what the attorney general says is a a near-worthless protection plan. Customers who sign up for Comcast’s Service Protection Plan pay a $4.99 monthly fee to avoid being charged if a Comcast technician visits their home. But the plan did not cover wiring inside a wall, the lawsuit says. The Attorney General Office says 75 percent of the time, customers who contacted Comcast were told the plan covered inside wiring. Customer service scripts, which the Attorney General’s Office said it obtained during its investigation, told Comcast representatives to say that the plan covers calls ‘related to inside wiring’ and ‘wiring inside your home.'” According to KOMO News, the lawsuit is seeking more than $73 million in restitution to pay back Service Protection Plan subscriber payments; full restitution for all service calls that applied an improper resolution code, estimated to be at least $1 million; removal of improper credit checks from the credit reports of more than 6, 000 customers; up to $2, 000 per violation of the Consumer Protection Act; and that Comcast clearly disclose the limitations of its Service Protection Plan in advertising and through its representatives, correct improper service codes that should not be chargeable and implement a compliance procedure for improper customer credit checks. Read more of this story at Slashdot. 
An anonymous reader quotes an article from the Washington Times: Hackers on Friday successfully pulled off cyberattacks against Vietnam’s two largest airports and the nation’s flag carrier, Vietnam Airlines. The attacks — attributed to a Chinese hacking group known as 1937CN — ultimately failed to cause any significant security issues or air traffic control problems, Vice Minister of Transport Nguyen Nhat told local media. Nonetheless, the individuals briefly hijacked flight information screens and sound systems inside Noi Bai and Tan Son Nhat airports in Hanoi and Ho Chi Minh City, respectively… Instead of departure and arrival details, the airports’ flight screens and speakers broadcast what local media described as anti-Vietnamese and Philippines slogans, in turn prompting authorities to shut down both systems… Vietnam Airlineâ(TM)s website, meanwhile, “was seized control and transferred to a malicious website abroad” and… passenger data pertaining to an undisclosed number of its frequent flyers was published online as well, the airline said in a statement. Local media on Friday said about 100 MB of data concerning roughly 40, 000 VMA passengers had been dumped online. Read more of this story at Slashdot.