These systems are used for example in defense, health, oil industry and public transport.
– It is a kind of nervous system in society, and therefore very, very important, says researcher Niklas William at the National Security Authority (NSM) to Dagbladet.
But that unauthorized persons may gain access to such systems, can also affect you and me everyday.
Can turn off heat
One of the systems Dagbladet has taken control heat pump for Quarter 10 in Drammen, which houses everything from gym and grocery store to homes and a car park.
Without entering either your username or password, we gained access to the online control panel. It was possible to change the status of 30 different buttons.
We showed a video of this system at Union property, which is the builder for the quarter. He did not want to ask for an interview with Dagbladet, but confirms that the buttons control the various components of a heat pump. This is one of two heat sources in the quarter.
Severe
Niklas William at NSM believes there may be serious for the individual that such systems is available online, although this does not necessarily have a major social impact.
– My immediate concern is if it lives old and sick people around about, and some take the heat midwinter, it could potentially have been very serious consequences. So it’s a situation we really did not want and the call must be to raise enough awareness about it, he said.
administrator at Union real estate downplaying this.
– You could have turned off the heat pump, but there had been no deal. If you had turned the heat on a very cold Friday afternoon, I had been told that Saturday morning, he says, but at the same time expresses concern to know that this has been open.
Shaken
Their is only one of the heating systems Dagbladet found available online, some of which belong to health institutions and cooling systems. Another part of apartment building triangle at Vik in Buskerud.
Dagbladet showed the system to the manager of the condominium in the triangle, Sven Alexander.
– First I did not understand what it was about, but I was a bit shocked that the management system and readout system for heating here was completely open for anyone to look at. I had no idea, so it was a bit daunting, he said.
– Not required
It is Ringeriks-Force own heating and Director Live Dokka says she was not aware that the system was so accessible.
– It is not desirable in any way for this to be open, she said.
After investigating the matter with its suppliers, writes Dokka in an SMS to Dagbladet that there will be some security changes.
“So then the matter shall be safeguarded. Thanks for that we were made aware of the security hole. “
Dagbladet has also been in contact with the company Trend Control Systems in Denmark, provider of some of these systems to Norway, and sent them screenshot of one of the unsecured systems.
can destroy
CEO Arman Saeidnia answer the following to this e-mail: Please – Remote access to building control systems are not uncommon. Trend has always recommended that those who sell and set up our equipment, set them up safely behind a firewall or on a virtual private network to prevent unauthorized access.
Niklas William at NSM points out that random commands in online panels can possibly get management to stop working.
– It will vary from system to system. It will in all cases be possible to turn them off, he said.
No comments:
Post a Comment