UK Ministry of Justice secures HVAC systems ‘protected’ by passwordless Wi-Fi after Register tipoff

The Ministry of Justice has secured a set of Wi-Fi access points that potentially gave admin access to industrial control equipment after a tipoff by The Register.

Four unsecured wireless networks named “Boiler Pump 1” to “Boiler Pump 4” were freely accessible in the Royal Courts of Justice (RCJ) until The Register told officials what was happening.

The networks were all viewable from the ground floor of the Queen’s Building, a 1960s extension to the original neo-Gothic court building. The RCJ houses Britain’s most senior civil courts, including the Court of Appeal.

A source told us that connecting to the passwordless access points exposed a login page for what appeared to be an industrial control system developed by Armstrong Fluid Technology. Armstrong’s website hosts PDF copies of equipment manuals complete with default administrator passwords, referred to by Armstrong as “Level 2” access.

Full article

Scroll to Top