A vulnerability emerged in 7,419 industrial devices connected to the Internet and placed in hospitals, supermarkets and companies. Just a simple attack to get around the passwords and turn them off.
The Safety Detective researchers found a flaw in the safety of the temperature control systems of these devices connected to the internet. All these machines could be easily turned off by accessing them through a common browser.
The flaw in security detected is the ability to access all these devices with credentials easily available on the company’s website. “These systems all use the httpnon-secure protocol and port 9000 (or sometimes 8080, 8100 or even simply 80).
They all have a default user name and a pre-set password, which is rarely changed by system administrators, “writes Safety Detective to his report.