May 5, 2014
When hackers were unable to gain access to Target’s records through their main system, they went through its heating and cooling system. In other cases, hackers have used printers, thermostats, video-conferencing equipment and a Chinese takeout menu.
A Chinese takeout menu? Yes, when hackers couldn’t breach the computer network at a big oil company, they infected the online menu of a Chinese restaurant with malware that was popular with employees of the oil company. When workers browsed the menu, they inadvertently downloaded code that gave attackers a foothold in the business’ network.
Companies that are doing everything possible to seal up their systems are now having to look in the unlikeliest places for vulnerabilities. The situation has grown increasingly complex and urgent. Access to a network is given to all kinds of other computerized systems and services, including heating, ventilation and cooling systems, billing and expense systems, health insurance providers and even vending machines.
While security researchers are often employed to find such leaks in a system, it is now becoming as difficult as finding a needle in a haystack.