RDM acts to remove default passwords

11 Feb 2019

574

UK: Refrigeration controls manufacturer RDM is removing all default internet access passwords from its products, giving each panel a unique password.

The Glasgow-based manufacturer was reacting to reports over the weekend that hackers had exposed vulnerabilities in “hundreds” of internet-connected sites using RDM controls where users had failed to change manufacturers’ default passwords.

Speaking to the Cooling Post, RDM MD Andrew Chandler said the reports were not totally correct and highlighted a much bigger number than is the case.

“It refers to the Shodan web site reports which shows over 7000 sites and over 1200 sites in Russia but we have never sold in Russia,” he said.

He maintains that the Shodan search engine for internet-connected devices was looking at a web server that RDM uses but that this server was also used by a lot of other router companies.

“In reality there were very few RDM systems on the internet direct where the default user names had not been changed,” he said. “We re-iterated again to all our clients the importance of security and also turning on the “Force CGI login” which is a site set-up function.

“Going forward we have removed default passwords from our products and each panel will have a unique password only,” Chandler confirmed.

Change defaults

European manufacturers’ group ASERCOM has recently highlighted concerns that, with an increasing number of HVACR components having a data interface that is accessible from outside the premises, the threat of cyber attacks has increased.

In its recently published guideline document, ASERCOM advises installers and end users to change all default login names and passwords during installation as advised by manufacturers. “If these default logins are not changed an attacker has easy access to the component when the attacker has found out the IP-address of the component,” ASERCOM says.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

RDM acts to remove default passwords

Change defaults

Related stories:

Neil Everitt

Change defaults

Related stories:

Related Articles