Tuesday, July 21, 2015

Insecure Control Systems

My spouse sent me an article today:  http://www.dailydot.com/technology/commadore-amiga-computer-school-air-conditioning/.  I read the article, and it scares me.  The article states that an old Commodore Amiga machine controls the heat and air conditioning of the district's schools.  This is one of the most fearsome sections in the article:

"It's one of those features, the 1200-bit modem and a wireless radio signal, that makes it possible for the ancient hardware to communicate with the district's schools.  Though the radio signal allows the Amiga to get status checks, toggle boilers, fans, and the like in a matter of seconds, it also communicates at the same frequency as the walkie-talkies used by the maintenance department. This creates occasional interference and requires the maintenance crew to shut off their radios for up to 15 minutes at a time."

I noted that the old machine needs to be replaced.  Some people would say, "Why get rid of something that works?" 

Here is why:  My spouse and I were conversing, and he mentioned that the Amiga is transmitting on a wireless frequency.  Since this machine was made in the 1980s, the wireless signal may not be encrypted.  Anyone with a wireless sniffer, like aircrack-ng, could sniff this traffic and potentially inject commands, which means that they could control the heat and air-conditioning.  Once they have control over the heat and air-conditioning, they could cause the boilers in the schools to explode by changing the settings.
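Stopping injected commands on a radio link like this takes message authentication and replay protection, not just encryption. The sketch below is an added example, not part of the original post and not the district's protocol: the frame layout, the shared key, and the class names are all assumptions. It contrasts a receiver that obeys any well-formed frame with one that checks an HMAC tag and a strictly increasing counter.

```python
import hashlib
import hmac
import struct

# Hypothetical frame layout (an assumption, not the district's protocol):
#   counter (4 bytes, big-endian) | device id (1 byte) | action (1 byte) | tag (16 bytes)
HEADER = struct.Struct(">IBB")
TAG_LEN = 16


def build_frame(key: bytes, counter: int, device: int, action: int) -> bytes:
    """Controller side: serialize a command and append a truncated HMAC-SHA256 tag."""
    header = HEADER.pack(counter, device, action)
    tag = hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]
    return header + tag


class LegacyReceiver:
    """Models a link with no authentication: any well-formed frame is obeyed."""

    def accept(self, frame: bytes):
        if len(frame) < HEADER.size:
            return None
        _, device, action = HEADER.unpack(frame[:HEADER.size])
        return device, action


class AuthenticatedReceiver:
    """Field side: obeys a frame only if the tag verifies and the counter is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def accept(self, frame: bytes):
        if len(frame) != HEADER.size + TAG_LEN:
            return None  # malformed length
        header, tag = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted frame
        counter, device, action = HEADER.unpack(header)
        if counter <= self.last_counter:
            return None  # replay of a previously recorded frame
        self.last_counter = counter
        return device, action
```

The counter check matters as much as the tag: without it, a frame recorded off the air would still verify when retransmitted later.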

People wonder why someone would target a school.  There are a few reasons that I can think of.  I'm sure that there are more.  One)  A disgruntled employee with technical knowledge wants to get revenge because they are not getting the pay that they would like, or they've been fired.  Two)  A disgruntled student isn't happy with being in school for some reason (bullying, no one is dating them, they're mentally unstable, etc.).  Three)  A terrorist, who could have one of many reasons to do such a thing.

There was money set aside to pay for replacing the machine.  The school opted to take care of other projects instead.  I can't say that I blame them with the information that they have; replacing the boilers and roofs and removing asbestos were important at the time.

"It was expected the outdated system would be replaced in 2011 when voters passed a "Warm Safe and Dry" bond to release money to the district schools for upkeep and maintenance purposes. Because the computer was still functioning just fine, it didn't make the list of projects. Instead, the money was spent replacing boilers and roofs and removing asbestos."

So, it wasn't a matter of not having enough money in the budget; this just wasn't a priority.  There needs to be more awareness raised about the dangers of unsecured control systems.  Even if they don't think that they are a target, they could be.

At least they mention planning on replacing it now... if a $175 million bond for school spending is passed.

"A new system will cost up to $2 million, and will be installed if voters pass a $175 million bond for school spending."

Last, if this school has an ancient machine running their control systems, it makes me worry about what other control systems are being controlled by ancient machines and how secure they are.
