Security researchers at Safety Detective revealed vulnerabilities in the temperature control systems found in freezers that could allow an attacker to hijack the devices and destroy its contents. The security hole, which stems from weak passwords, affect internet-connected thermostats manufactured by Resource Data Management (RDM). The company's products are used by grocery stores, hospitals pharmaceutical firms, among others.
The researchers used Shodan, an internet search engine that shows specific devices connected to the internet, to find more 7,419 RDM products suffering from the vulnerability, many of which control multiple devices. Most of the thermostats are still using the default password, which makes them incredibly easy for an attacker to gain control of. Once a malicious actor hijacks the device, they are able to adjust temperatures, change alarms and obtain floor plans of facilities where the freezers are located.
Unfortunately, much like the issue that is plaguing Nest cameras at the moment, the issue with RDM's products comes from users failing to follow the necessary steps to secure their products. When approached by Safety Detective about the issue, RDM said the issue is related to the use of default passwords and users are encouraged to change them. Of course, companies could take action to force users to set up new passwords rather than rely on them to take action on their own, but for now, the firm is passing the blame onto users.