Security researchers have uncovered a vulnerability in networked refrigeration used by supermarkets and hospitals that could allow a hacker to change temperature settings.
Detailed by researchers from Safety Detective Thursday, the vulnerability allows for remote attacks from the internet because many owners fail to change default passwords or implement other security measures.
Using the Shodan search engine, the researchers found the vulnerability in 7,419 networked commercial thermostats made by Resource Data Management Ltd. The thermostats are used in commercial refrigeration, allowing a user to adjust settings.
The hackable fridges were also found in multiple countries. Some examples cited include a cold storage facility in Germany, a hospital and supermarkets in the U.K., a pharmaceutical company in Malaysia, a food storage facility in Iceland and an Italian food company.
The worst part is that the web interface can be accessed with zero authentication; a password is required only to change the settings. After obtaining access, a hacker would have the ability to change refrigerator, user and alarm settings. Changing the temperature of the fridges presents the largest risk, as it would spoil products that require cold storage.
“The systems can be accessed through any browser,” the researchers explained. “All you need is the right URL, which as our tests show, isn’t too difficult to find. We will not go into detail here, as it is not our intention to encourage the hacking of systems that could literally put lives at risk, but all it takes is a simple Google search.”
Why anyone would want to hack or access a fridge for nefarious purposes isn’t clear, but it has happened before.
In January, it was reported that a man in the Netherlands was sentenced to four months in prison after doing exactly that. Described as a disgruntled former employee of a refrigeration contractor, the man used existing passwords to access a supermarket and a medical storage facility to change the temperature settings on their refrigeration systems. In that case, the damage was limited thanks to quick intervention, but the outcome could have been far worse.