Internet-controlled systems and devices vulnerable, experts say
Long-term care facilities should take extra precautions when using the Internet to manage heating, cooling, alarms and medical equipment, experts recently cautioned. To prove their point, they found a flaw in a widely used Honeywell product that allowed them to take unauthorized control of buildings' key systems. Billy Rios and Terry McCorkle, employed by security firm Cylance, found bugs in Niagara-AX branded products sold by Honeywell's Tridium division. They exploited hardware and software vulnerabilities to take control of an incident command system. They demonstrated how this can be done at a recent security summit in San Juan, Puerto Rico.