Computer hackers are targeting internet-enabled catering equipment as a way to break into IT networks and access company data, it has emerged.
With many commercial kitchen appliances now connected to the web, restaurants are being forced to make sure they have the necessary provisions in place to ensure they don’t become victims of an attack.
According to a report in The Times, one unnamed fast food operator had its IT system violated after hackers broke in via a refrigeration unit.
The business had started using a “smart” refrigeration system that connects to the internet but hackers found a way of using it to gain control of the company’s data.
The brand of refrigeration was not disclosed, but cyber-security firm Darktrace, which revealed the attempted breach, said it spotted the incident and thwarted the attack before any damage was done.
Chief executive, Nicole Eagan, said fridges aren’t the only appliances that hackers are trying to exploit. “We’ve seen attacks on internet-connected cappuccino makers, vending machines and smart lightbulbs,” she said.
Details of such threats certainly raise important security questions for the catering equipment industry.
Many commercial appliances – from combi ovens and dishwashers to cookers and ice machines – are now software- and internet-enabled so that updates, file sharing and remote diagnostics can be performed easily.
Eagan said there was no limit to the gadgets being targeted by hackers. “Everything is connected these days, which means these things can be attacked and used to get into corporate networks and do harm.”
Finding a route through internet connected devices such as items of catering equipment may be seen by hackers as means of gaining indirect access to information held on the server”
FEJ approached a number of catering equipment suppliers for their reaction to the suggestion that hackers might be targeting networked catering equipment.
Winterhalter recently launched ‘Connected Wash’, a system that utilises the latest digital technologies to make warewashing more efficient, reliable and controllable.
Managing director, Stephen Kinkead, said that from the outset, the security of the ‘Connected Wash’ development was integral.
“All of the communication is coded so that the machine and customer data cannot be read by third parties. The Winterhalter hardware is secured so that it only ‘speaks’ with our servers. In addition we are currently working on an autonomous solution where we will be fully independent of customers’ IT infrastructure,” he explained.
Since launching web-enabled dishwashers, Mr Kinkead said the challenge was always to minimise risks and ensure a safe connection to the IT system on site.
“We provide guidelines for the firewall settings to all our ‘Connected Wash’ customers. We want to ensure that the firewall gateways are not vulnerable. We do not take over the full IT consultation of our customers. There is some onus on the operator to set up their systems accordingly, as there would be with any networked hardware.”
Another company with its eye firmly on the ball where this topic is concerned is Monika, which provides systems that wirelessly monitor cold rooms, fridges, freezers and other appliances in real time.
Simon Wood, technical manager at Monika, said he was not surprised that hackers might be targeting catering equipment.
He said: “Generally the internet connection to the specific site is the main point of remote entree, but firewalls exist to prevent direct access to the company server where this data is stored. Finding a route through internet-connected devices such as items of catering equipment may be seen by hackers as means of gaining indirect access to information held on the server.
“Where the data stream to and from the catering equipment is direct to its controller via the corporate IT infrastructure, hackers may be able to use this route to open up the link to the server.”
To help prevent against such attacks, Monika specifically uses the ZigBee wireless mesh networking protocol to build a data connection within the business, which is totally independent of the WiFi network. Secure sensors are installed in the devices to be connected.
“The network is controlled from the ZigBee hub, using management software designed by Monika,” he added. “Depending on business size, a site may contain one or more such Monika hubs. These can be connected directly to an offsite Monika Cloud Server, where the site’s Monika system is managed and customer data is stored. For total independence from the customer’s own server and computer network, we would recommend a GPS modem with sim card to be connected to each hub. The operator would then access data using the dedicated Monika web browser. Alternatively, hubs can be linked to the Monika Cloud or to the business’ own server using their specified network.”
Mr Wood said that “ultimately” it is the customer’s IT function that sets the rules for network security, and the technology that companies such as Monika provide is then set up to operate within these rules.
According to research house Gartner, some 13.5 billion connected devices will be in use around the world by 2020.