RDM acts to remove default passwords

UK: Refrigeration controls manufacturer RDM is removing all default internet access passwords from its products, giving each panel a unique password.
The Glasgow-based manufacturer was reacting to reports over the weekend that hackers had exposed vulnerabilities in “hundreds” of internet-connected sites using RDM controls where users had failed to change manufacturers’ default passwords.
Speaking to the Cooling Post, RDM MD Andrew Chandler said the reports were not totally correct and highlighted a much bigger number than is the case.
“It refers to the Shodan web site reports which shows over 7000 sites and over 1200 sites in Russia but we have never sold in Russia,” he said.
He maintains that the Shodan search engine for internet-connected devices was looking at a web server that RDM uses but that this server was also used by a lot of other router companies.
“In reality there were very few RDM systems on the internet direct where the default user names had not been changed,” he said. “We re-iterated again to all our clients the importance of security and also turning on the “Force CGI login” which is a site set-up function.
“Going forward we have removed default passwords from our products and each panel will have a unique password only,” Chandler confirmed.
Change defaults
European manufacturers’ group ASERCOM has recently highlighted concerns that, with an increasing number of HVACR components having a data interface that is accessible from outside the premises, the threat of cyber attacks has increased.
In its recently published guideline document, ASERCOM advises installers and end users to change all default login names and passwords during installation as advised by manufacturers. “If these default logins are not changed an attacker has easy access to the component when the attacker has found out the IP-address of the component,” ASERCOM says.
Related stories:
Hackers expose vulnerable refrigeration systems – 11 February 2019
UK: Controls manufacturer RDM says it will be contacting customers reminding them to set secure passwords after hackers revealed that hundreds of its systems are vulnerable to cyber attack. Read more…
ASERCOM guide to cybersecurity – 24 October 2018
GERMANY: ASERCOM has published a free-to-download guide to securing components against the threat of cyber-attacks. Read more…
Man jailed for supermarket refrigeration hack – 27 January 2019
NETHERLANDS: A Dutchman has been sentenced to four months prison after hacking into a supermarket refrigeration system. Read more…