Tech Crunch reports that internet-connected industrial refrigerators can be easily instructed to defrost. The vulnerable systems, manufactured by Resource Data Management, can be controlled by plugging in its default password found in documentation on the company's website.
Many of the units are found in restaurants, hospitals and supermarkets across Europe and China. Researchers found that pharmaceutical companies in Malaysia that use the refrigerator could also be vulnerable to defrosting hacks.
If one of the refrigerators were to be defrosted, it could cause significant water damage, financial loss and destruction of inventory.
"The systems can be accessed through any browser," Noam Rotem, a security researcher who found the vulnerable system tells Tech Crunch. "As you need is the right URL, which as our tests show, isn't too difficult to find."
Defrosting the machine only takes a click of a button and entering of the default username and password, both of which are near-universal across the company's devices, Tech Crunch reports. Rotem also says that it is possible to modify user settings, alarms and other features on the exposed devices.
“We clearly state in our documentation that the default passwords must be changed when the system is installed.” However, the change isn’t mandatory. According to Rotem, many device owners don’t bother. The company also distanced itself from its own security practices. “We have no control over how our systems are set up by the installer and we suggest your article is directed at the users and installers of our equipment,” a representative of Resource Data Management said in an emailed statement to Tech Crunch. “We will inform owners that we have new software available with new functions and features but ultimately it is up to them to request an upgrade.”