Reporters from the newspaper found that, with just a few mouse clicks, they could manipulate heating, ventilation, fire alarms and locks in hundreds of Swedish properties that are fitted with security provided by IT firm Kabona.
“The fact that you can gain control over hundreds of properties’ control systems is really frightening,” said Leif Nixon, security coordinator at Linköping University’s National Supercomputer Centre.
Nixon assisted Dagens Nyheter in its investigation and told the newspaper that the vulnerability of the systems constitutes a threat to the nation’s security.
”The fact that the system is exposed on the internet, that’s very serious… If you can affect and in a simple way steer the ventilation system, for instance, of buildings then of course that is very serious,” said Lars-Göran Emanuelson, department heat at the Swedish Civil Contingencies Agency.
Dagens Nyheter stressed it had not broken any laws by testing security in several Swedish properties. The newspaper even managed to activate the church bells of a church in Hedemora via a computer. It claimed that lighting, heating and ventilation systems are easy to hack into and that it would take just a few minutes to cause chaos, and potentially material damage, in hundreds of properties at once.
Kabona CEO Kjell Carlberg said the company will now review its security systems but added that that the newspaper’s investigation focused on just a few types of security systems. The company operates many other kinds of equipment that the newspaper had not found and that are not accessible via the internet, Carlberg said.