Security researchers have uncovered a vulnerability in networked refrigeration used by supermarkets and hospitals that could allow a hacker to change temperature settings.

Detailed by researchers from Safety Detective Thursday, the vulnerability allows for remote attacks from the internet because many owners fail to change default passwords or implement other security measures.

Using the Shodan search engine, the researchers found the vulnerability in 7,419 networked commercial thermostats made by Resource Data Management Ltd. The thermostats are used in commercial refrigeration, allowing a user to adjust settings.

The hackable fridges were also found in multiple countries. Some examples cited include a cold storage facility in Germany, a hospital and supermarkets in the U.K., a pharmaceutical company in Malaysia, a food storage facility in Iceland and an Italian food company.

The worst part is that the web interface can be accessed with zero authentication, but the password is required to change the settings. After obtaining access, a hacker would have the ability to change refrigerator, user and alarm settings. Changing the temperature of the fridges presents the largest risk and it would spoil products that require cold storage.

“The systems can be accessed through any browser,” the researchers explained. “All you need is the right URL, which as our tests show, isn’t too difficult to find. We will not go into detail here, as it is not our intention to encourage the hacking of systems that could literally put lives at risk, but all it takes is a simple Google search.”

Why anyone would want to hack or access a fridge for nefarious purposes isn’t clear, but it has happened before.

In January, it was reported that a man in the Netherlands was sentenced to four months in prison after doing exactly that. Described as a disgruntled former employee of refrigeration contractor, the man used existing passwords to access a supermarket and a medical storage facility to change the temperature settings on their refrigeration systems. In that case, the damage was limited thanks to quick intervention, but the outcome could have been far worse.

Photo: Pexels