Honeywell Midas gas detectors Vulnerable to Hacking

/0 Comments/in /by

I remember the time when ‘HACKING’ meant chopping into a piece of wood or a tree…. How things change.

As our world becomes more and more an IoT (Internet of Things), this type of incident is bound to occur more often.

I believe this is the first time that a gas detector has been able to be attacked by Hackers although there are no reports of this happening at the time of writing.

If you have either of these two versions:

  • Midas, Version 1.13b1 and prior versions, and
  • Midas Black, Version 2.13b1 and prior versions.

Then you should contact your local Honeywell Dealer or refer to the link below to get security updates to address this vulnerability.

 

There are TWO vulnerabilities that could be exploited by even a novice hacker:

PATH TRAVERSAL

The web server interface allows the authentication process to be bypassed, potentially allowing unauthorized configuration changes to be made to the device, as well as the initiation of calibration or test processes.

CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION

The user’s password is not encrypted during transmission.

 

 

LINKS:

To Download the Midas Security Update Package (SN 2015-10-14 01 Rev 03) go to

http://www.honeywellanalytics.com/en/products/Midas and click on the software tab

For more in depth explanation you can go to:

https://ics-cert.us-cert.gov/advisories/ICSA-15-309-02

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *