• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • December 13th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Security » Security Flaw in Honeywell Gas Detectors Can Virtually Kill People

Security Flaw in Honeywell Gas Detectors Can Virtually Kill People

December 9th, 2015 Ryan De Souza Security 0 comments
Security Flaw in Honeywell Gas Detectors Can Virtually Kill People
Share on FacebookShare on Twitter

After hacking nuclear plants, Refrigerator, House Arrest Ankle Bracelet, Smartphones GPS Signals, Electronic Skateboards, Driverless Cars, Jeep, Computer Controlled Sniper Rifle and Jeep Cherokee etc, it is now time for hackers to exploit the remote hacking security flaw in gas detectors.

According to the ICS-CERT advisory, gas detector manufactured and sold by a US-based firm “Honeywell” are vulnerable to remote attacks from hackers. Once attacked, hackers can modify detector’s setting without any permission.

Versions affected by the vulnerability are Honeywell Midas version 1.13b1 and prior, and Honeywell Midas Black version 2.13b1 and prior, though the manufacturer has already worked on the fixes and have passed on to the consumers.

Earlier version of the detector more vulnerable

Screen Shot 2015-12-09 at 1.02.59 AM

Honeywell Midas Gas detector | Image Source: Honeywellanalytics.com

In the earlier versions, there are two vulnerabilities which affect the detectors and both are real critical as CVSS severity scores of both the detectors are 8.6 and 9.4 out of 10. Both can be exploited remotely.

[fullsquaread][/fullsquaread]

First vulnerability can allow an attacker to bypass any authentication to log in to the device and also to make any modifications in the settings of the detectors.

The second one allows attackers to breach the login credentials of the user and also configure the gas detectors. The second vulnerability is basically improper encryption of authentication details so if attackers find a device within his range he can breach user’s login credentials.

Dangers posed by the security flaws:

These vulnerabilities can virtually take anyone’s life as vulnerability can allow hackers to raise the gas level to the level which can burn out the equipment and also the area in the surroundings.

That’s why the manufacturer has recommended user to use detectors in DMZ zones (demilitarized zone), firewall protections and only access the device via VPNs.

 

Furthermore, they should not connect to the network when not necessary and only keep the access to authorized personnel.

Note: Special thanks to the security researcher Maxim Rupp for conducting research on this security flaw.

[src src=”Featured Image Via” url=”http://images.alphacoders.com/178/178583.jpg”]Alpha Coders[/src] 

  • Tags
  • cyber attacks
  • Flaw
  • hacking
  • IoT
  • security
  • VPN
  • Vulnerability
Facebook Twitter Google+ LinkedIn Pinterest
Previous article Pakistani Veteran Journalist Hamid Mir' Twitter Account Hacked
Next article New Facebook Phishing Scam Targets Page Admins
Ryan De Souza

Ryan De Souza

Ryan is a London-based member of the HackRead's Editorial team. A graduate of Maths and physics with a passion for geopolitics and human rights. Ryan places integrity at the pinnacle of successful journalism and believes this is somewhat lacking in traditional media. Ryan is an educator who balances his time between family, social activism and humanitarian causes and his vice is Football and cars.

Related Posts
"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking

"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking

Plundervolt: A new attack on Intel processors threatening SGX data

Plundervolt: A new attack on Intel processors threatening SGX data

2.7 billion email addresses & plain-text passwords exposed online

2.7 billion email addresses & plain-text passwords exposed online

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
NGINX office in Moscow raided by police
Cyber Events

NGINX office in Moscow raided by police

350
How to identify malware on your phone with these 7 signs
How To

How to identify malware on your phone with these 7 signs

399
"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking
Security

"The Smartest Lock Ever” KeyWe is Vulnerable to Hacking

165
Plundervolt: A new attack on Intel processors threatening SGX data
Security

Plundervolt: A new attack on Intel processors threatening SGX data

409

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us