Of the various things you may be worrying about these days, getting locked out of your lovely hotel room in scenic Austria is probably not very high on the list. But last week, guests at the Romantik Seehotel Jaegerwirt in the Austrian village of Turracherhohe found themselves unable to open their hotel room doors. In the end, the hotel ended up having to pay about $1,800 (two bitcoins) to hackers who had penetrated its systems and managed to remotely lock its doors.
As tales of ransomware go, it’s a story that’s both silly and serious. A ski resort being held for ransom due to its inability to create working room keys is nowhere near as scary or dangerous as the hospital in Hollywood where ransomware shut down the computer systems last year, until administrators finally agreed to pay a 40-bitcoin ransom (or roughly $17,000 at the time) a few days after it was first infected.
For many people, however, the scariest cybersecurity incidents are the ones that don’t just manipulate information but also change the physical world around us. These sorts of attacks remind us of the extent to which our physical surroundings are increasingly controlled by computers. Seen from that perspective, a door you can’t open is, in some ways, scarier than a digital file you can’t access.
When it comes to digital records, we expect to be at the mercy of computers. When it comes to doors, we don’t. That’s in part because there’s an important difference between locked doors and locked files: Doors can be broken down, physically, if necessary (though, for obvious reasons, the Romantik Seehotel Jaegerwirt was not eager to take an axe to all of its guestroom doors), while a digital file or record cannot be retrieved from an encrypted system through sheer physical force.
Just as it’s possible to break down digitally locked doors, it’s also possible to create physical fail-safes for computer-controlled infrastructure. There’s no reason why a door that is typically opened electronically cannot also have a physical keyhole that enables someone to open it with a regular key in the event of a power outage, or a system failure, or a malicious compromise. (In fact, some cars that rely primarily on electronic sensors to lock and unlock their doors have exactly this feature: a physical key that can be extracted from the electronic fob to manually unlock the car if the key batteries die or otherwise malfunction.)
One of the most astonishing parts of the Austrian saga is that there was apparently no such physical fail-safe mechanism, despite the fact that electronic key cards—as every hotel guest well knows—malfunction all the time. The Romantik Seehotel Jaegerwirt’s managing director Christoph Brandstaetter told the New York Times that the hotel was, in fact, considering replacing its electronic key system with manual locks and keys, rather than electronic ones, to guard against future such incidents.
This isn’t necessarily a bad idea—there are certainly some systems that we would do well to keep from becoming too electronic for the purposes of security. (Voting comes to mind.) But it’s also often possible to combine electronic and manual mechanisms. And going forward, combining automated systems with manual fail-safe mechanisms may be a more realistic approach to trying to protect ourselves than just deciding to reject internet-connected things altogether. Just as we should all be regularly backing up our data and storing it somewhere completely disconnected from our hard drives, so that we can recover from a ransomware attack directed at our files, so too should we have a backup plan for what to do when our devices are held for ransom.
Last week’s story is a relatively lighthearted affair as cybersecurity incidents go—no one and nothing was seriously damaged, the ransom was not priced prohibitively high. (That was no doubt a strategic decision by the perpetrators to ensure speedy cooperation; and they did threaten to double the price if the hotel waited too long to comply.) But its implications are serious and frightening—a future of ransomware attacks directed not at our inboxes or documents or photos but instead at the buildings we live in, the cars we drive, and the world around us.
Ransomware isn’t the only threat posed by shifting our infrastructure online—it’s not hard to imagine an adversary exploiting vulnerabilities in a door locking system or a car for other, possibly even more nefarious purposes than extracting a ransom. (This is yet more reason to include fail-safe mechanisms in these systems that can be used to override electronic controls.) But while there is probably a relatively small population of criminals with both the desire to wreak havoc by compromising devices and the technical know-how for finding and exploiting the necessary vulnerabilities, there is no shortage of technically savvy people who would like to get rich.
That’s where ransomware comes in: It transforms the vulnerabilities of the Internet of Things into a vehicle for tremendous financial profit. Building on the tremendous success of traditional ransomware distributors, who merely hold data and computer systems hostage, people who design ransomware that targets physical infrastructure, be it hotel doors or stoves, have a very lucrative future in store for them unless we retain some of our manual checks on the increasingly automated world.