
DainBramaged

(39,191 posts)
Thu Feb 7, 2013, 04:07 PM

We’re going to blow up your boiler: Critical bug threatens hospital systems

More than 21,000 Internet-connected devices sold by Honeywell are vulnerable to a hack that allows attackers to remotely seize control of building heating systems, elevators, and other industrial equipment and, in some cases, cause them to malfunction.

The hijacking vulnerability in Niagara AX-branded hardware and software sold by Honeywell's Tridium division was demonstrated at this week's Kaspersky Security Analyst Summit in San Juan, Puerto Rico. Billy Rios and Terry McCorkle, two security experts with a firm called Cylance, allowed an audience to watch as they executed a custom script that took about 25 seconds to take control of a default configuration of the industrial control software. When they were done, they had unfettered control over the device, which is used to centralize control over alarm systems, garage doors, heating, ventilation, and cooling systems, and other equipment in large buildings.

Taking advantage of the flaw would give attackers half a world away the same control on-site engineers have over connected systems. Extortionists, disgruntled or unstable employees, or even terrorists could potentially exploit vulnerabilities that allow them to bring about catastrophic effects, such as causing a large heating system to explode or catch fire or sabotaging large chillers used by hospitals and other facilities. Attackers could also exploit the bug to gain a toehold into networks, which could then be further penetrated using additional vulnerabilities that may be present.

"We actually just used this against one of our premium clients a couple weeks ago," Rios said, referring to a penetration test he performed to test a customer's network for hacking vulnerabilities. "They were pretty shocked. They took their device off the Internet before the engagement was over."

http://arstechnica.com/security/2013/02/were-going-to-blow-up-your-boiler-critical-bug-threatens-hospital-systems/

All your boiler are belong to us. n/t Ian David Feb 2013 #1
Some things just don't belong on the net.... Junkdrawer Feb 2013 #2
This is why having internet connected devices is stupid. nt bemildred Feb 2013 #3