Home » Cyber Security News » Critical security flaw found in control systems of several hospitals and supermarket chains

Critical security flaw found in control systems of several hospitals and supermarket chains

  • Research study exposed a security flaw existing in temperature control systems manufactured by Resource Data Management.
  • Many popular names that incorporate these control systems include Marks & Spencer, Ocado & Way-on.

Resource Data Management (RDM), a Scottish firm engaged in providing remote monitoring solutions, was found to have security loopholes in its temperature control systems (TCS).

According to security researchers Noam Rotem and Ran L who conducted a detailed analysis, there may be thousands of organizations using these systems affected by the security vulnerabilities.

Hospitals and supermarket chains including Marks & Spencer, Ocado, and Way-on, use TCS built by RDM. From the report, it is evident that these systems use unsecured HTTP protocol and the 9000 port (or sometimes 8080, 8100, or even simply 80).

On top of this, all of them had default usernames and passwords, which are left unchanged by administrators. Thus, anyone with the right URL could easily access these systems.

Thousands of vulnerable systems

The researchers warned about the number of vulnerable system stating, “A basic scan reveals hundreds of installations in the UK, Australia, Israel, Germany, the Netherlands, Malaysia, Iceland, and many other countries around the world. As each installation has dozens of machines under it, we’re looking at many thousands of vulnerable machines.”

The researchers found over 7,000 installations with vulnerabilities through Shodan. The scary part is some of the devices installed with these control systems could even be found by a Google search.

In their research, Rotem and Ran also demonstrated how RDM-made control systems in a hospital as well as a supermarket, could be easily accessed. All they had to do was find the device URL and input the default username and password combination. Similarly, they even got into systems of Marks and Spencer and other companies from Italy, Germany, and Malaysia.

Change the credentials

Meanwhile, Rotem and Ran informed RDM of these security issues. However, the company first fended off the researchers without showing interest in the incident but later responded saying that they have no control over how their customer configure their TCS installations.

Furthermore, RDM has notified of an update to resolve this issue and has urged user admins to change default credentials in TCS.

Buy Firewall, Buy Firewall Online, Buy Firewall Online India Buy Firewall, Buy Firewalls Online, Buy Firewall Online in India from IT Monteur's Firewall Firm, Buy Firewall Support, Buy Firewall License & License Renewals

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket