Pages Menu
Categories Menu

Posted by on Dec 13, 2012 in Internet |

Company suffers intrusion into the control system of air conditioning

Company suffers intrusion into the control system of air conditioning

On behalf of Stuxnet , surely, is already quite familiar to us since the name the worm that attacked systems SCADA nuclear plant in Iran. This case brought to the table that industrial control systems could be vulnerable and therefore could become the target of an attack. Precisely, the vulnerabilities of an industrial system have been the source of a particular case is being investigated by the FBI in the United States where a New Jersey company suffered an intrusion into their systems and attackers could control, remotely, the system controlling the heating of their facilities .

According to the FBI, a New Jersey company (whose name has not been revealed) used an older version of industrial control system Niagara AX Framework for the management of air conditioning and heating their offices and thus control, centrally, the heating of different areas of their offices. The problem? System had published directly on the Internet without even setup a firewall that would control access to the system and, of course, considering that multiple vulnerabilities have been identified in this system of control and he was without protection, it turned the great doom: unauthorized external access.

The problem, beyond the control of air conditioning, the system is offered intruders in the building plans had been identified jobs with the names of users (identifying shipments), ie, could perform a “virtual tour” of the building facilities. But, really, what worries the authorities is that the Niagara AX Framework is a system widely used in industrial process control and building automation worldwide and, for example, the offices of the FBI, the Pentagon or the Department of Justice use these systems as 20,000 other agencies and businesses around the world with some 300,000 instances deployed.

An into the air conditioning system, at first glance, might seem a little serious fact, however, that a third controlase remote cooling system of a data center or an industrial plant itself could be a problem because, strange as it may seem, there are several documented cases of systems with vulnerabilities and that, however, are connected to the network without too many safety measures.

Tags: , , ,