Hackers could leave pupils and military personnel freezing this week due to security issues affecting heating systems, researchers have warned.

Vulnerable controllers have been improperly installed on military bases and in schools, with government buildings and business premises also affected.

The Ministry of Defence was unable to inform Sky News of whether it knew of affected systems on MoD property.

It took Pen Test Partners less than 10 seconds to find more than a thousand insecure systems that were accidentally connected to the internet.

Some of these had already been compromised by malware which, curiously, attempts to mine Bitcoin on a device’s hardware – although the devices are not capable of this.

The researchers add that the manufacturer, Trend Controls, is not to blame for these systems being open to hackers through the internet – but rather that is the fault of the third parties installers.

“Most of these issues have been caused by… installers [who] have exposed their clients through not following manufacturer security guidelines.

“The manufacturer could still make improvements, though,” the researcher added, stating they had presented their findings to GCHQ and other members of industry.

Among the locations hackers could locate using the Shodan search engine were a fire station and an infants’ school in Chelmsford.

A spokesperson from the manufacturer told Sky News: “Trend takes cyber security seriously and regularly communicates with customers to make devices and connections as secure as possible.

“This includes the importance of configuring systems behind a firewall or virtual private network, and ensuring systems have the latest firmware and other security updates to mitigate the risk of unauthorized access.

“We know cyber security is a top concern for our customers and, as always, will continue to assess and test the effectiveness of our products, solutions and communications.”



Source link