Florida Water Hack exhibits the specter of distant entry safety vulnerabilities
On February 8, 2021, Pinellas County, Florida officials announced that a hacker had twice remotely gained access to the city of Oldsmar’s water treatment system and was able to change the setting for sodium hydroxide in the water supply. The incident highlights the danger to local information systems and the dangers of security breaches through remote access.
In a press conference, Pinellas County Sheriff Bob Gualtieri emphasized that the sodium hydroxide levels in the county’s water had not actually changed because a water system operator noticed the change in setting and vice versa. Sodium hydroxide is used in public water systems to prevent corrosion of pipes. However, it can burn skin and be fatal to humans if ingested in large quantities.
Sheriff Gualtieri added that the Oldsmar water system can be accessed with pre-installed remote access software that “allows authorized users to troubleshoot system problems from other locations.” The software known as TeamViewer is widely used for remote access and troubleshooting in IT.
Upon learning of the incident, the county took steps to “stop any further remote access to the system,” and contacted the FBI and Intelligence to investigate.
Read the press conference on this incident.