Critical security problems in internet-connected Micro CHP by Vaillant

This blog collects news relevant to the design of current and future energy systems, with a focus on economics, Europe and the Netherlands. The views expressed here are my own and not those of CWI Amsterdam (the research institute I am employed at).

I am not an expert on any single technology in energy systems (e.g. transmission, electric vehicles, batteries), but the interconnectedness in our energy systems makes a broader view very important, as well. I come across lots of links because I developed a general interest in this important societal topic during my PhD and thus come across lots of news stories. Sometimes I will give only the link, but if time allows, I'll summarise shortly what I think the most important or interesting bits are.

[This blog ran initially on Posterous, but they sold to Twitter and shut down. I decided to move it into my own domain.]

the latest entries:

The seven habits of highly effective people

The Mom test

Der letzte Weynfeldt

Google-free Android on Fairphone, again

Other minds

Risiko

The Why-are-you-here Cafe

Herbstmilch

Mit brennender Geduld

show search options

Critical security problems in internet-connected Micro CHP by Vaillant

[The article is in German.] It first discusses how the security hole in the software of the heating system was discovered. The company cooperated quickly on creating a fix, but the initial implementation was indeed very bad work. In addition, it is still common practice to leave a standard password activated on such devices, such that service personnel can easily get access. With internet-access, this is, in addition to software holes, deadly.

Such things are bound to happen again and again and only harsh security audits can at least provide some security in the future for such systems.

Several attack angles are discussed later in the article, for instance turning off price constraints (leading to very high operation costs) or overheating such that the building substance is damaged.

http://www.bhkw-infothek.de/nachrichten/18555/2013-04-15-kritische-sicherheitslucke-ermoglicht-fremdzugriff-auf-systemregler-des-vaillant-ecopower-1-0/

17 Apr 2013 - 9:56

# lastedited 27 May 2013

You are seeing a selection of all entries on this page. See all there are.