Qualys says about 55,000 Internet-connected heating systems, including one at the Sochi Olympic arena, lack adequate security.
Computerworld — The massive Target breach led to revelations that many companies use Internet-connected heating, ventilation, and air conditioning (HVAC) systems without adequate security, giving hackers a potential gateway to key corporate systems, a security firm warned Thursday.
Cloud security service provider Qualys said that its researchers have discovered that most of about 55,000 HVAC systems connected to the Internet over the past two years have flaws that can be easily exploited by hackers. Such a flaw was used by hackers in the Target breach.
HVAC systems connect to networks at various retail companies, government buildings and even hospitals, according to the security firm. HVAC vendors and other third parties often have remote access right to these systems for administrative and support purposes.
Hackers can exploit these systems to gain access to enterprise networks and leapfrog onto other corporate systems, Qualys said.
