It’s really, really unlikely your smart thermostat will be held to ransom

Reports surfaced today, initially based on a security presentation given at DefCon in Las Vegas over the weekend, suggesting that your smart thermostat is going to fall victim to ransomware. While possible, it’s incredibly unlikely.


Pentest Partners, the security company behind the theoretical exploit, published details on its blog today, confirming that, yes, an attacker would (currently) need physical access to the thermostat in order to hold your ambient comfort to ransom.

Consider this, though: having gained access to your thermostat, wouldn’t the would-be heat kidnapper perhaps just steal your TV instead, or your laptop, or both?

That’s not to undermine the security risks associated with the Internet of Things or the efforts that the unnamed company should now go to in fixing the problem, but it’s important to keep a sense of perspective when you see reports about security vulnerabilities rather than just reading the headline.