It’s bad enough that chairlifts sometimes have a mind of their own. Just imagine if the operating system controlling your resort’s chairlift system was to be accessed remotely by hackers and the carnage they could initiate.
That nightmare could have become a reality recently for Patscherkofel Ski Resort in Austria area who recently discovered a major security flaw with their gondola: it could be remotely controlled by hackers, reports TGR.
Not only is their gondola operating system completely vulnerable to cyber attacks, but unscrupulous hackers had the potential ability to control the most minute of details pertaining to the lift.
According to Hack Read, a savvy enough person could remotely start, stop, reverse, change the safety distance between cars, and even configure the tension in the cables.
The major flaw was discovered by white-hat hackers Sebastian Neef and Tim Philipp Schäfers, which easily thwarted the “superlative safety level” of the lift.
“The control of the Patscherkofelbahn was accessible via a web interface unencrypted and without the need for authentication via the internet,” Schäfers explained.
The manufacturer of the lift, The Dopplmayr/Garaventa group, is known for their production of ropeways, ski lifts, and cable cars. Since the recent findings, the manufacturer has claimed to have addressed the issue. However, the National Computer Emergency Response Team of Austria has halted the use of the lift until an effective security system is in place.
The control unit of a Ski lift gondola in Austria was exposed to the internet, allowing you to start/stop/reverse it and even configure the steel cable tension! 😮 #internetofshit Article: (German) https://t.co/4pDbmXszQ9 pic.twitter.com/EslM0fcJ3o
— svbl (@svblxyz) April 19, 2018
This incident eerily echoes previous issues surrounding cyber security for Austria. Last year the Romantik Seehotel Jaegerwirt—an infamous 111-year-old hotel—had its reservation and electronic key lock system compromised. The attack forced the hotel management to pay a ransom to the hackers to unlock the rooms of guests.
Imagine what could have happened if the vulnerability wasn’t identified by white-hat hackers but cybercriminals?