Threat Watch

Some Hospitals and Supermarkets Found to have Critical Security Flaw

A Scottish firm by the name of Resource Data Management (RDM), known for remote monitoring solutions, is believed to hold vulnerabilities within its temperature control system (TCS). Through research, it was discovered that thousands of organizations could be using the flaw-laden system. Researchers’ comments stated, “A basic scan reveals hundreds of installations in the UK, Australia, Israel, Germany, the Netherlands, Malaysia, Iceland, and many other countries around the world. As each installation has dozens of machines under it, we’re looking at many thousands of vulnerable machines.” The systems run on port 9000, 8080, 8100, 80 and use default usernames as well as passwords, which would have to be changed by an administrator. Therefore, anyone who finds the correct URL can have access to the system and some even turn up in simple Google search. RDM was contacted for comment and initially did not respond, but then followed up by stating that they cannot control how their customers configure their systems.

ANALYST NOTES

Users operating on an RDM system should take advantage of the update being released by the company. They should also change their default credentials if using TCS.