Tridium’s Security Vulnerability

Hot news from The Washington Post: Tridium, a computer service company based in Richmond, VA, whose Niagara Framework runs an estimated 11 million devices and machines in 52 countries, reportedly has serious security issues that could compromise the integrity of its users’ systems.

Niagara was designed for premises automation, including security and surveillance systems, and The Washington Post article revealed that “a pair of security researchers decided on their own to zero in on Niagara and discovered gaps that would enable hackers to download and decrypt user names and passwords.”

Tridium’s CEO, John Sublett, is quoted in the article as saying, “We’re not going to say Niagara is secure … We try to soften it and say we’re trying to make it as secure as possible.”

According to TWP, “Sublett said executives learned about the vulnerabilities almost a year ago, when a Niagara customer that uses the software to manage Pentagon facilities turned up issues in an audit. He said Tridium is now working on fixes. The firm also is doing more to train customers about security than in the past.”

The implications of this security problem are not to be underestimated. What’s important about this story is the scale of the potential threat: Tridium services support enterprises (including the US Defense Department and scores of educational establishments) and every kind of organization down to individual consumer homes. The potential for everything from run-of-the-mill hacking right through to industrial and military espionage appears to be of biblical proportions.

This will be a story to watch.

Learn More:

http://www.infosecurity-magazine.com/view/30620/tridium-vulnerability-throws-building-controls-wide-open-to-hackers/

http://www.htrcgroup.com/Blog/?p=91

Author: Mark Gibbs, Forbes
