Honeywell’s Niagara control system, whose task is to control the buildings’ electricity, heating and other systems, appeared a cyber-terror disaster in waiting. Despite warnings from the United States’ officials, one can close down buildings completely through a cyber attack.
The Niagara control system from Honeywell International's Tridium division is designed to connect to the Internet by default – though it doesn’t need to do so, it does it anyway. According to insecurity experts from CyLance, Billy Rios and Terry McCorkle, they found the flaws in 2012, which prompted the Department of Homeland Security to warn people to change their settings. As a result, Honeywell has released a software update which the two researchers previously said had successfully addressed the problem.
But it seems that there are more bugs in Tridium’s technology which still make customers vulnerable to Internet attack. Insecurity experts demonstrated how they could take control of a Niagara system through a new piece of software they had developed by themselves.
Despite the fact that they refused to say how they did so, the experts said that the hackers could do the same by taking advantage of weak encryption and passwords stored internally on the company’s control devices.
Sometimes, after the attackers had wrecked Tridium’s physical environment, they could use the intrusion as a gateway to getting into the building’s main office PCs. In response, a Honeywell representative claimed that the company is currently working to address the problems as quickly as possible. They promised to alert the users of the risks.
The Niagara control system from Honeywell International's Tridium division is designed to connect to the Internet by default – though it doesn’t need to do so, it does it anyway. According to insecurity experts from CyLance, Billy Rios and Terry McCorkle, they found the flaws in 2012, which prompted the Department of Homeland Security to warn people to change their settings. As a result, Honeywell has released a software update which the two researchers previously said had successfully addressed the problem.
But it seems that there are more bugs in Tridium’s technology which still make customers vulnerable to Internet attack. Insecurity experts demonstrated how they could take control of a Niagara system through a new piece of software they had developed by themselves.
Despite the fact that they refused to say how they did so, the experts said that the hackers could do the same by taking advantage of weak encryption and passwords stored internally on the company’s control devices.
Sometimes, after the attackers had wrecked Tridium’s physical environment, they could use the intrusion as a gateway to getting into the building’s main office PCs. In response, a Honeywell representative claimed that the company is currently working to address the problems as quickly as possible. They promised to alert the users of the risks.