Talk about environmental controls: a team of security researchers has figured out how to infect smart thermostats with ransomware.Experts at Pen Test Partners revealed at DEF CON that they had successfully compromised a connected thermostat. Their code behaved just like the innumerable desktop ransomware strains we’ve seen evolving over the past several years: it locks down the thermostat’s screen and demands that you pay up if you want to get control back.Hackers could even exert a little extra pressure if they wanted to. Apart from just preventing you from making any changes, they could actually raise or lower the temperature. They could crank up the heat and sweat that ransom payment out of you (and your heating bill) or drop those temperatures so low that you’ll beg them to give you control back through chattering teeth.It’s a pretty frightening scenario, but thankfully there’s a big asterisk on this one. While researchers have proved that it’s possible to infect this particular thermostat (they’ve chosen not to reveal the maker or model at this time), they needed direct physical access to do it. They uploaded their malware via an SD card slot, helpfully supplied by the manufacturer to give users the ability to set a custom wallpaper.While I appreciate personalization options as much as the next guy, they’re probably best left out if they open the door for this kind of tampering. I’ve got plenty of other places I can check out my digital photos, thanks.Since PTP had to use an SD card to upload their code that means your smart thermostat isn’t in any immediate danger of being victimized by hackers — not unless you habitually let strange repairmen into your home to have a look around. If anyone’s messing with the temperature on yours, well, you can probably blame your housemates. Make sure you’re the one in control of climate change.