Researchers at The Safety Detectives Research Lab have discovered a major security breach affecting hospitals, pharmaceutical companies and supermarket refrigeration systems worldwide. According to their report, temperature-controlled systems manufactured by Resource Data Management (RDM), a company based in Scotland, are at risk. These remote-controlled systems are currently in use by hospitals, pharmaceutical companies and supermarkets, and the researchers' first estimate was that 7419 of RDM’s installations were vulnerable. After further analysis, the Safety Detectives team now believes that the impact may actually be much larger and difficult to even calculate.
One of the security issues that the Safety Detectives uncovered had to do with unsecured passwords. A secure password is usually considered the first line of defense when it comes to cybersecurity. RDM used the same default password on all their devices, that password is as easy as 1, 2, 3, and RDM takes no accountability for their lackadaisical attitude. It took several attempts by the Safety Detectives team to get RDM to acknowledge that this may not be considered best practice, and even then RDM wanted to pass the buck to the consumer, saying that it’s the client’s responsibility to make password changes.
This type of apathetic reasoning may well come to a stop under laws like the one that California just passed, which specifically calls for each and every new electronic IoT (Internet of Things) device to have its own preprogrammed unique password. The law goes further, also mandating a security feature that requires the user to generate a new password before any access is granted for first use. This will stop the consumer from even using the unique preprogrammed password by forcing them to change it. This law will be in effect in 2020. Even the EU (European Union) is getting on the bandwagon with new recommendations intended to help companies meet upcoming data privacy requirements under its GDPR (General Data Protection Regulation). It appears that the European regulators are taking this topic seriously and want to be ahead of the curve when it comes to cybersecurity risk mitigation. It is a “must have” requirement.
Another issue that the Safety Detectives pointed out is that RDM also includes the floorplans or site layouts of their customers. I think if I were one of RDM’s product users, it would bother me having this information for all eyes to see. I don’t think that these kinds of details are for public viewing; they are more for those who need to know, perhaps like the fire department.
I echo what Rhett Jones said in his Privacy and Security piece, “if RDM’s clients start experiencing major issues, the manufacturer’s headaches could begin long before any regulations are implemented”.
In the future, I will keep an eye on what other systems or paradigms the Safety Detectives are researching. They are a great consumer advocate with their eyes on cybercrime. The Safety Detectives recently uncovered a “Major Security Breach Affecting Nearly Half of All Airline Travelers Worldwide.” After making this discovery and contacting those in charge, there have been steps to correct this issue. When contacted about the breach, Amadeus provided the following statement: “At Amadeus, we give security the highest priority and are constantly monitoring and updating our systems. Our technical teams took immediate action and we can now confirm that the issue is solved. To further strengthen security, we have added a Recovery PTR to prevent a malicious user from accessing travelers’ personal information. We regret any inconvenience this situation might have caused.” My hat is off to the Safety Detectives for the excellent work that they do on our behalf.