Hackers might “assist” Britain in freezing

The beginning of winter in the UK is unusually cold and due to heavy snowfalls and low temperatures many schools were closed in the country. This situation inspired researchers at Pen Test Partners to check the cybersecurity of the heating systems. The results are not hopeful: thousands of heating systems have electronic controllers, which have direct connection to the Internet and are weakly protected or not at all.

According to Pen Test Partners consultant Ken Munro, manufacturers should think about strengthening security of their devices as well; however, most of the responsibility lies on negligent installation engineers. For example, Trend Control’s instruction to controllers clearly reads that the devices should be connection to isolated subnets and in no case have direct connection to the Internet. Nevertheless, using a search engine for Internet of Things Shodan researchers in a matter of seconds discovered over a thousand Trend Controls controllers that had direct connection to the global network. Therefore, it’s not surprising that many systems turned out to be infected with different types of malware. Not only schools had vulnerable heating systems, but also different state and private organizations from government institutions and fire stations to restaurants and even military bases. Obviously, it won’t be a problem for the hackers to change controllers’ setting and cause serious problems in the function of all these organizations.

source:  Technical Center of Internet

Back to the list