Cyberattackers Make Waves in Hotel Swimming Pool Controls

  /     /     /  
Publicated : 23/11/2024   Category : security

Cyberattackers Make Waves in Hotel Swimming Pool Controls


Pool controllers exposed to the Internet with default passwords let threat actors tweak pool pH levels, and potentially more.


After the hacktivist group GhostSec bragged it had breached a hotel pool controller in Israel, a team of researchers decided to take a deep dive. 
The cyberattack group didnt provide details about the
operational technology (OT) breach
, but researchers at Otorio found two Aegis II controllers exposed to the Internet with default passwords. The Aegis II controller is used to control the chemical concentration in water in locations such as pools. 
Last week, GhostSec first claimed it breached 55 Berghof
programmable logic controllers (PLCs)
across Israel. On Sept. 10, the group claimed it had control over an unidentified hotels pool water system. 
GhostSec warned in a posted message that while it has control of the pools pH and chlorine levels, it wasnt interested in using the access to harm innocent people. The threat actors simply wanted to demonstrate the kind of damage they could do, the post added. 
Our research found two pool controllers that could be affected, the
Otorio report said
. While we do not know for certain, it appears that the most likely aim of the breach was for the attackers to demonstrate that they had the ability to control the waters pH in the hotels pools as GhostSecs Telegram message alleged.
The researchers noted that the incident underscores the potential dangerous real-world implications of OT cyberattacks. 

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Cyberattackers Make Waves in Hotel Swimming Pool Controls