Aardvark Daily

Please visit the sponsor!

Legal Ransomware

Most people reading this column will have read about ransomware.

Thousands of companies and organisations around the world have been hit with ransomware infections in recent years. When ransomware strikes, a user's storage is encrypted and they are denied access until they cough up the ransom to get a decryption key.

Cyber-crooks and gangs have made countless millions of dollars by way of using ransomware to disable their victims computers and force these payments, usually by way of crypto-currency.

Naturally, such attacks are considered a criminal offense and from time to time we see stories where the perpetrators have been caught and prosecuted.

However, there is now a new form of ransomware that seems to be totally legal and it's a huge worry for those who live on the bleeding edge of technology.

Yes, that's right. Every day an increasing amount of money is being paid, under duress by individuals and companies who've been hit with legal ransomware and there appears to be nothing the police or anyone else can do about it. It's totally legal.

What am I talking about?

Well in the modern world, many of the things we use contain computers. Everything from cars to smart light switches to home-security systems to whatever. They all have "intelligent" functions that rely on computers, software and connectivity to function.

Increasingly, consumers are finding that they pay good money for these devices and are satisfied with the results. Such technology often allows you to control much of your home and keep an eye on your property using your smartphone. You can adjust the thermostat on your home heating while at work. You can see who's ringing your doorbell and have a conversation with them even if you're away on holiday and your car is able to message you if the alarm is activated while your in a restaurant enjoying a meal out with the wife.

All of this stuff is great. Some of this functionality requires a subscription to a cloud-based service and some of it doesn't.

So what's the problem? Where does the ransom come in?

Well I urge you to watch this video (below) from consumer-rights activist Louis Rossmann.

Yes, it seems that even though you may have bought and paid for a device that promises to deliver a specific feature-set, modern tech allows the manufacturer to effectively re-write the terms of the contract at any time they choose to.

In some cases this simply means that your devices may stop working because a cloud-service is retired without any option to migrate to another. In best case this means that your smart device becomes a dumb device but can still be used manually. As often as not however, such a change renders your device totally bricked and unable to operate at all.

This wouldn't be so bad if the manufacturers simply open-sourced their API so that others could recreate that functionality and restore the full feature-set of the affected devices but this seldom happens.

An even worse situation occurs when a forced update turns a system that previously operated without any cloud-based server into one that requires an annual subscription. Failure to pay that subscription either significantly degrades the smart features of the device or just totally bricks it. That's where the ransom comes in. Pay up or we brick your device -- you know, the one you bought and paid for and foolishly thought you owned.

It's likely that here in New Zealand there would be some degree of protection under consumer law but I couldn't guarantee it and odds are that if you're caught out by this you might have to resort to taking a civil case against the supplier. If the supplier has declared bankruptcy and the business has been sold by the receiver then you might not have a leg to stand on because there is no contract in place between you and that new entity.

I think the bottom line is that while smart devices and the Internet of Things can offer some real benefits and efficiencies, using such technology is not without risk.

As for me, I'm fortunate enough that I don't feel the need to have too much in the way of smart devices in my life. I'm happy to stick to old-school technologies if it means that I can't be held to ransom whenever a company decides that the managing director needs a new Bugatti.

Carpe Diem folks!

Please visit the sponsor!

Here is a PERMANENT link to this column

Rank This Aardvark Page

Change Font