The Target Data Attack Reveals HVAC Vulnerabilities

March 17, 2014

The massive Target data security breach has led to revelations that I feel certain not many customers knew existed. Many companies use internet-connected HVAC systems for heating, ventilation and air conditioning, yet very little thought has gone into the security of such systems, giving hackers a potential backdoor gateway into otherwise secure corporate systems.

Qualys, a provider of cloud-based security services, has said that its research has discovered that most of the nearly 55,000 HVAC systems connected to the internet over the past two years can easily be exploited by hackers. In Target’s case, hackers appear to have stolen login credentials belonging to a company that provides the retailer with HVAC services.

HVAC systems connect to networks at all kinds of enterprises, retailers, government agencies and hospitals. HVAC vendors and other third parties often have remote access to their customers’ systems for administrative and support purposes. Companies tend to be lax about HVAC security because they have no idea that HVAC systems can provide entry into corporate networks. In fact, many HVAC management firms use the same username and password for multiple customers. This, as we all know, is a security no-no.

As a general rule of thumb, if your company or your vendors can access your facilities via the public internet for any reason, so can the hackers. Security precautions should be observed for all such access.


Joe Buck, NCE

