The massive Target breach led to revelations that many companies use Internet-connected heating, ventilation and air conditioning (HVAC) systems without adequate security, giving hackers a potential gateway to key corporate systems, a security firm warned. Qualys, a provider of cloud-based security services, said its researchers have discovered that most of the nearly 55,000 HVAC systems connected to the Internet over the past two years can be easily exploited by hackers. In Target's case, hackers stole login credentials belonging to a company that provides the retailer with HVAC services. HVAC systems connect to networks at all kinds of enterprises -retailers, government agencies and even hospitals, according to Qualys. HVAC vendors and other third parties often have remote access to their customers' systems for administrative and support purposes.
展开▼
