Latest in Gear

Image credit: NurPhoto via Getty Images

Networked freezers at grocery stores are vulnerable to hacking

Default passwords make it easy to hijack the appliances.
1104 Shares
Share
Tweet
Share
Save

Sponsored Links

NurPhoto via Getty Images

Security researchers at Safety Detective revealed vulnerabilities in the temperature control systems found in freezers that could allow an attacker to hijack the devices and destroy its contents. The security hole, which stems from weak passwords, affect internet-connected thermostats manufactured by Resource Data Management (RDM). The company's products are used by grocery stores, hospitals pharmaceutical firms, among others.

The researchers used Shodan, an internet search engine that shows specific devices connected to the internet, to find more 7,419 RDM products suffering from the vulnerability, many of which control multiple devices. Most of the thermostats are still using the default password, which makes them incredibly easy for an attacker to gain control of. Once a malicious actor hijacks the device, they are able to adjust temperatures, change alarms and obtain floor plans of facilities where the freezers are located.

Unfortunately, much like the issue that is plaguing Nest cameras at the moment, the issue with RDM's products comes from users failing to follow the necessary steps to secure their products. When approached by Safety Detective about the issue, RDM said the issue is related to the use of default passwords and users are encouraged to change them. Of course, companies could take action to force users to set up new passwords rather than rely on them to take action on their own, but for now, the firm is passing the blame onto users.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1104 Shares
Share
Tweet
Share
Save

Popular on Engadget

Runkeeper drops its Wear OS app due to a 'buggy experience'

Runkeeper drops its Wear OS app due to a 'buggy experience'

View
Drako's GTE electric supercar will be a four-motor, 1,200HP monster

Drako's GTE electric supercar will be a four-motor, 1,200HP monster

View
Nintendo says there is no Switch exchange program

Nintendo says there is no Switch exchange program

View
IKEA creates a business unit devoted to smart home tech

IKEA creates a business unit devoted to smart home tech

View
US will reportedly give Huawei another temporary reprieve

US will reportedly give Huawei another temporary reprieve

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr