Hackers expose vulnerable refrigeration systems

11 Feb 2019

1,417

UK: Controls manufacturer RDM says it will be contacting customers reminding them to set secure passwords after hackers revealed that hundreds of its systems are vulnerable to cyber attack.

Israeli hackers and activists from the Safety Detective research lab have exposed the extent to which users’ failure to change manufacturers’ default passwords have left thousands of refrigeration and air conditioning systems vulnerable.

Using Shodan, the search engine for internet-connected devices, the hackers uncovered a major security breach in systems manufactured by Glasgow-based controls manufacturer Resource Data Management (RDM).

These control systems are used by a wide range of companies and industries including hospitals and supermarket chains all over the world.

A basic scan is said to have revealed hundreds of installations in the UK, Australia, Israel, Germany, the Netherlands, Malaysia, Iceland, and many other countries around the world. Safety Detective argues that as each installation has dozens of machines under it, many thousands of units could be vulnerable.

The systems all use the unsecured HTTP protocol and the 9000 port (or sometimes 8080, 8100, or even simply 80) and use the default username and password combination. The hackers say that not only can you change refrigerator and freezer settings through this system, you can also modify user settings, alarm settings, and more.

Sites exposed included a UK Marks and Spencer supermarket in Surrey, Italian food manufacturer Menu Italiano, one of the largest pharmaceutical company in Malaysia, a coldstore in Dusseldorf, and a food storage facility in Iceland.

RDM insists that its controls documentation states that the default passwords must be changed when the system is installed, and argues that it has no control over how its systems are set up by the installer. However, it said it would write to all its known customers, installers and distributors reminding them of the importance of changing the default user names and passwords as part of their installation and set up.

Concerns

Concerns over the vulnerability to the increasing numbers of internet-connected devices prompted European manufacturers’ group ASERCOM to publish a free-to-download guide to securing components against the threat of cyber-attacks.

Last month the Cooling Post revealed that a Dutch man had received a prison sentence for hacking into a supermarket refrigeration system and changing the temperature settings.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Hackers expose vulnerable refrigeration systems

Concerns

Related stories:

Neil Everitt

Concerns

Related stories:

Related Articles