Thousands of RDM refrigeration systems exposed online are at risk

Experts from Safety Detective discovered thousands of refrigeration systems made by Resource Data Management (RDM) exposed to remote attacks.

Thousands of instances of a temperature control system made by Resource Data Management (RDM) are exposed to remote attacks because they were using default passwords and failed in implementing other security measures.

The vulnerable instances are used by organizations from several industries, including healthcare providers and supermarket chains such as Marks & Spencer, Ocado, and Way-On.

The experts have found 7,400 devices exposed online by querying
the Shodan search engine, most of them in Russia, Malaysia, Brazil, the United Kingdom, Taiwan, Australia, Israel, Germany, the Netherlands, and Iceland.

Systems exposed online could be accessed via HTTP on ports 9000, 8080, 8100, or 80. An attacker can easily access the vulnerable instances because they use a known default username and password combination. In many cases, the web interface can be accessed without authentication.

“They all come with a default username and “1234” as the default password, which is rarely changed by system administrators.” reads the analysis published by Safety Detective.

All the screenshots taken in this report didn’t require entering the user and password but it came to our knowledge that almost all devices used the default password.”

Experts pointed out that many systems can be easily found using a simple Google search, they explained that the office secretary of the company quickly discovered a cooling factory in Germany and a hospital in the UK.

Accessing the exposed refrigeration systems, an unauthorized attacker can change user and alarm settings. Imagine the damages that could be caused by activating the defrost function, especially when dealing with hospitals where refrigeration systems are used to store blood and drugs.

Safety Detective reported its findings to RDM, but the vendor initially downplayed the report. RDM later acknowledged the risks, but highlighted that the issues reported by the experts were caused by wrong installations made by users and installers.

“To clarify the situation from RDM we would confirm that the default passwords must be changed by the installer at the time of setup. RDM does not have any control over where our systems go and who install them. We clearly state in our documentation that the default passwords MUST be changed when the system is installed. It’s similar to an off the shelf router with default user names and passwords Admin Admin,” replied an RDM spokesman.

“We would also point out that we do not have remote connectivity to many systems and even though it is possible to upgrade our software remotely we are unable to do this without the consent of the owner. We will inform owners that we have new software available with new functions and features but ultimately it is up to them to request an upgrade which can be done via USB locally or by there installer / maintainer remotely,”

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2021

We are in our 9th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.