Security Market Segment LS
Friday, 07 August 2015 05:33

Hey! Somebody’s hacked my smart watch! Featured

By

Wearables are the next target for hackers, warns a new report from Symantec. The biggest threat is ‘ransomware’ – a kind of electronic blackmail.

“Never before in the history of human kind have people across the world been subjected to extortion on a massive scale as they are today.”

That is the dramatic opening sentence from security vendor Symantec’s new report ‘The evolution of Ransomware’. The extortion Symantec is talking about is that ransomware.

There are two types of ransomware in circulation,” says report co-author Kevin Savage. “The most common type today is crypto ransomware, which aims to encrypt personal data and files. The other, known as locker ransomware, is designed to lock the computer, preventing victims from using it.”

With both kinds of ransomware the perpetrator then demands the victim pay money to unlock the files or the affected device. And with smart watches and other wearable devices proliferating, Symantec says they will increasingly be ransomware targets.

Ransomware is designed for direct revenue generation, explains Savage. The four most prevalent direct revenue-generating risks include misleading apps, fake antivirus scams, locker ransomware, and crypto ransomware.

“Direct revenue-generating malware went through four major pivot points in the past decade. Each pivot point indicates a shift from one type of malware to another, ultimately leading to ransomware.”

The top six countries impacted by all types of ransomware in 2015 are the US, Japan, United Kingdom, Italy, Germany, and Russia, and the average ransom amount is US$300. The favoured payment method for locker ransomware is payment vouchers, and for crypto ransomware it is bitcoins.

“Crypto ransomware is now preferred among cybercriminals,” says Savage. “It accounts for 75% of new ransomware threats discovered in 2015. Cybercriminals behind ransomware are constantly innovating. With more connected devices around, we can expect to see ransomware appear in new device categories where they were never seen before.”

The report singles out wearable technology as a major potential area for ransomware, despite not having seen any examples of ransomware specifically designed to target them.

“The wearables market is gathering momentum. Smartwatches are gaining in popularity and typically retail from around US$100 to several hundred. This year may be considered by many to be the year when the smartwatch finally becomes mainstream, with the arrival of many more Android Wear models as well as the much anticipated Apple Watch.

“With so much growth and hype in this technology, the wearable device market is likely to attract the attention of ransomware creators. When we considered smartwatches in the context of ransomware, we came to the conclusion that there are no particular reasons why ransomware would not work on them.”

The report says Android watches and wearables are particularly vulnerable. “Android Wear is a limited subset of the Android OS. They typically feature a small touch screen that allows a wearer to use touch gestures to interact with the device.

“Android Wear devices also support voice commands which can be activated by saying ‘OK Google’ to the smartwatch followed by a command or question,” says Savage.

“Hardware buttons are not often used or have very limited functionality in these devices. Most functionality is accessed through touch- or voice-activated menus.

“To ensure support for the smartwatch OS, Android Wear was designed to enable existing phone-based apps to work with Android Wear in order to show notifications and alerts without any changes to the existing app’s code. App developers can also write apps specifically for Android Wear or they can extend existing phone apps to take full advantage of extra features enabled by the smartwatch.

“Based on our understanding of how ransomware typically works and how these devices operate, we believe that the most likely form of ransomware to appear for smartwatches is locker ransomware.

“We don’t believe smartwatches will hold much data that is of great value to the wearer, so holding data to ransom on these devices is of little use. A device-locking ransomware could potentially be more successful due to the way many of these devices are designed.

“Given the limited options for interacting with a smartwatch and the lack of hardware interfaces, we believe that these devices may be more susceptible to a locker ransomware attack. At best, locker ransomware attacks on smartwatches may be highly inconvenient, forcing the user to resort to factory resets to recover the device. At worse, the ransomware infection could potentially render the device unusable.”

The report contains information on the psychology of ransomware, and on ways to combat it. The full report is available here, and a long Symantec blog about it is here.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Graeme Philipson

Graeme Philipson sadly passed away in Jan 2021 and a much valued senior associate editor at iTWire. He was one of Australia’s longest serving and most experienced IT journalists. He is the author of the only definitive history of the Australian IT industry, ‘A Vision Splendid: The History of Australian Computing.’

He was in the high tech industry for more than 30 years, most of that time as a market researcher, analyst and journalist. He was founding editor of MIS magazine, and is a former editor of Computerworld Australia. He was a research director for Gartner Asia Pacific and research manager for the Yankee Group Australia. He was a long time weekly IT columnist in The Age and The Sydney Morning Herald, and is a recipient of the Kester Award for lifetime achievement in IT journalism.

Graeme will be sadly missed by the iTWire Family, Readers, Customers and PR firms.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments