[The article is in German.] It first discusses how the security hole in the software of the heating system was discovered. The company cooperated quickly on creating a fix, but the initial implementation was indeed very bad work. In addition, it is still common practice to leave a standard password activated on such devices, such that service personnel can easily get access. With internet-access, this is, in addition to software holes, deadly.

Such things are bound to happen again and again and only harsh security audits can at least provide some security in the future for such systems.

Several attack angles are discussed later in the article, for instance turning off price constraints (leading to very high operation costs) or overheating such that the building substance is damaged.



17 Apr 2013 - 9:56
# lastedited 27 May 2013
You are seeing a selection of all entries on this page. See all there are.