UK: Refrigeration controls manufacturer RDM is removing all default internet access passwords from its products, giving each panel a unique password.
The Glasgow-based manufacturer was reacting to reports over the weekend that hackers had exposed vulnerabilities in “hundreds” of internet-connected sites using RDM controls where users had failed to change manufacturers’ default passwords.
Speaking to the Cooling Post, RDM MD Andrew Chandler said the reports were not totally correct and highlighted a much bigger number than is the case.
“It refers to the Shodan web site reports which shows over 7000 sites and over 1200 sites in Russia but we have never sold in Russia,” he said.
He maintains that the Shodan search engine for internet-connected devices was looking at a web server that RDM uses but that this server was also used by a lot of other router companies.
“In reality there were very few RDM systems on the internet direct where the default user names had not been changed,” he said. “We re-iterated again to all our clients the importance of security and also turning on the “Force CGI login” which is a site set-up function.
“Going forward we have removed default passwords from our products and each panel will have a unique password only,” Chandler confirmed.
European manufacturers’ group ASERCOM has recently highlighted concerns that, with an increasing number of HVACR components having a data interface that is accessible from outside the premises, the threat of cyber attacks has increased.
In its recently published guideline document, ASERCOM advises installers and end users to change all default login names and passwords during installation as advised by manufacturers. “If these default logins are not changed an attacker has easy access to the component when the attacker has found out the IP-address of the component,” ASERCOM says.
Hackers expose vulnerable refrigeration systems – 11 February 2019
UK: Controls manufacturer RDM says it will be contacting customers reminding them to set secure passwords after hackers revealed that hundreds of its systems are vulnerable to cyber attack. Read more…