Ski Lift In Austria Left Control Panel Open On the Internet

An anonymous reader writes: Officials from the city of Innsbruck in Austria have shut down a local ski lift after two security researchers found its control panel open wide on the Internet, and allowing anyone to take control of the ski lift's operational settings. There was no authentication in place, and anyone accessing the control panel could have modified the ski lift's speed, the distance between cable cars, and cable tension.

Coincidentally, researchers discovered the ski lift's control panel on the same day that NBC ran a report about a ski lift system suffering a mechanical malfunction, going at crazy speeds, and injuring 10 people. Both ski lifts were from the same vendor, but researchers say they weren't aware of the NBC report when they stumbled upon the one in Austria. Innsbruck officials shut down the ski lift for a security audit, and the ski lift is still nonoperational today.

Why does this need Internet

Can anyone explain why a ski lift could possibly need Internet-connected settings? What possible benefit is there to being able to control it if you aren't physically there to judge the operating conditions and environment, and to watch the customers?

Re:Why does this need Internet

[iggymanz]

it pisses me off enough that at work we have faucets in the washroom that need the fucking batteries changed before they will dispense water. now young "engineers" think everything has to be internet connected too. fucking 'ooo shiny gadget toy' syndrome run amok

Re:Why does this need Internet

This is often done for vendor support purposes. If something goes wrong, you want the dummy operator to get help from a person who knows the system. Remote control access to heaters in business and government buildings is very widespread too, for the same reason. They just shouldn't be on the open internet, and the control panel should have built-in encryption and authentication, so that even if it is exposed to the internet, it can't be hijacked.

Re:Why does this need Internet

[iggymanz]

because faucets with foot pedal or that can be activated with elbow don't exist?

it's a sanitation improvement when the thing doesn't work at all?

get real anon, stop trying to defend the mental retardation

Re:Why does this need Internet

[war4peace]

It doesn't. It needs a network-connected web interface, but to most... let's say "not IT companies" such a ski resort, there's no difference. These companies have one network, usually wholly connected to the Internet, and that's it. Default security and whatnot.
Why does this happen? Simple, really. They see IT as "the cheapest dude we could find to take care of the internet stuff". And so they hire that dude, which let's be honest, won't be someone who dropped $30K on classes and spent 5 years studying networking.

One thing leads to another and voila, critical systems exposed to the Internet. Could be just a checkmark in config panel, such as "open CP to the Internet", which someone thought it would be a good idea. or a manager asking for it to see the default dashboard.

Re:Why does this need Internet

[vtcodger]

So, the repair person flies to the nearest large city, drives a rental car 70km at 25kph through a raging blizzard, hangs out for 45 minutes while the ski area finds someone who can open up the ski rental area, finds skis and boots that don't fit too badly, slogs 500 meters through the ongoing blizzard to get to the control shed ... Only to find that someone has changed the standard password. ... and that there is no cellphone service available at the control shed.

Sounds like a giant leap forward for mankind to me.

They say

[Tablizer]

I hear it got infected by the S0nnyB0n0 virus.

Re:They say

I hear it got infected by the S0nnyB0n0 virus.

Thanks for Cher-ing that.