"It is very unfortunate that quite a lot of home appliances have such poor security. Vulnerabilities may occur on the website they use or arise from the use of default passwords," Mark Lintula, security expert from the Finnish Cyber Security Center, told Yle.
Most often, the manufacturer uses identical passwords for their products, such as "admin" and "123456." For instance, Swedish Ouman company was reported to be still using default passwords on their nearly ten-year-old automation systems. The majority of Finnish properties utilize Ouman's building and energy saving automation solutions to reduce energy expenditure. According to Yle, a large number of customers never bother to change their passwords, which opens the door for potential unauthorized log-ins with unknown consequences.
"In Linköping, hot water suddenly disappeared from a housing association. Later, a cyber-intrusion was discovered, as someone had turned off the hot water as a prank," Leif Nixon said. "When such things happen, say, in February, things start to freeze and this may lead to serious damage," he added.
The Finnish Cyber Security Center also warned of so-called botnets, which specialize in finding vulnerable Internet-connected devices. Furthermore, several automation systems in Finland were reported to have sent spam or performed Denial-of-service attacks.
"We have had several examples of heat pumps and examples of elevators participating in DDoS attacks," Markus Lintula said.
With the spread of the Internet of Things, the number of potential targets is expected to rise further.