Cybersecurity isn’t just about protecting data. In the case of a new vulnerability, security researchers have revealed a different threat: thousands of internet-connected temperature control systems for freezers being subject to takeover due to the password-protected systems frequently using an unchanged default value, according to Gizmodo. By guessing the default password, a hacker could take over these freezers, used in grocery stores, hospitals, and pharmaceutical companies, accessing temperatures, alarm settings, or access floor plans of the buildings in which the temperature control systems are installed. With access to these tools, it would be easy for a hacker to shut off or overload systems, resulting in minor issues from loss of saleable food to more severe threats like damage of medical supplies, depending on the end use of the freezer.
Discovered by researchers at Safety Detective, the threat specifically affects internet-connected thermostats produced by Resource Data Management (RDM).
“They all come with a default username and ‘1234’ as the default password, which is rarely changed by system administrators. All the screenshots taken in this report didn’t require entering the user and password but it came to our knowledge that almost all devices used the default password,” observed Safety Detective of these systems.
Of interest is that much of this risk could have been alleviated by enforcing the automatic change of default passwords. As noted by TechCrunch, California has already passed a law banning the use of default passwords on new consumer electronics, beginning in 2020. The European Union is also eyeing updated regulations for IoT devices.
Source:
https://gizmodo.com/maybe-connecting-hospital-and-grocery-store-freezers-to-1832459381
