Skip to main content
  1. Home
  2. Computing
  3. News

Not even your PC’s power supply is safe from hackers

Add as a preferred source on Google

Hackers have managed to find a way to successfully gain access to uninterruptable power supply (UPS) computer systems, according to a report from The Cybersecurity and Infrastructure Security Agency (CISA).

As reported by Bleeping Computer and Tom’s Hardware, both the Department of Energy and CISA issued a warning to organizations based in the U.S. that malicious threat actors have started to focus on infiltrating UPS devices, which are used by data centers, server rooms, and hospitals.

APC UPS backup battery sits on a desk.
Image used with permission by copyright holder

UPS devices allow companies to rely on emergency power when the central source of power is cut off for any given reason. If the attacks concentrated on these systems come to fruition, the consequences could prove to be catastrophic. In fact, it could cause PCs or their power supplies to burn up, potentially leading to fires breaking out at data centers and even homes.

Recommended Videos

Both federal agencies confirmed that hackers have found entry points to several internet-connected UPS devices predominantly via unchanged default usernames and passwords.

“Organizations can mitigate attacks against their UPS devices, which provide emergency power in a variety of applications when normal power sources are lost, by removing management interfaces from the internet,” the report stated.

Other mitigation responses the agencies recommended putting in place include safeguarding devices and systems by protecting them through a virtual private network, applying multi-factor authentication, and making use of effective passwords or passphrases that can’t be easily deciphered.

To this end, it stresses that organizations change UPS’s usernames and passwords that have remained on the factory default settings. CISA also mentioned that login timeout and lockout features should be applied as well for further protection.

Severe consequences

The report highlights how UPS vendors have increasingly incorporated a connection between these devices and the internet for power monitoring and routine maintenance purposes. This practice has made these systems vulnerable to potential attacks.

A prime example of hackers targeting UPS systems is the recently discovered APC UPS zero-day bugs exploit. Known as TLStorm, three critical zero-day vulnerabilities opened the door for hackers to obtain admin access to devices belonging to APC, a subsidiary of an electrical company.

If successful, these attacks could severely impact governmental agencies, as well as health care and IT organizations, by burning out the devices and disabling the power source remotely.

The number of cyberattacks against crucial services has been trending upwards in recent years as cybercriminals progressively identify exploits. For example, cyberattacks against health care facilities almost doubled in 2020 compared to 2019.

It’s not just large organizations that are being targeted — online criminals stole nearly $7 billion from individuals in 2021 alone.

Zak Islam
Former Contributor
Zak covers the latest news in the technology world, particularly the computing field. A fan of anything pertaining to tech…
This one app has single-handedly improved my Mac experience
It won't reinvent macOS. It will just quietly fix everything that annoys you about it.
Supercharge app

Every once in a while, you come across an app that fundamentally changes how you use your Mac. Over the past year, Supercharge has been that app for me. It packs hundreds of tweaks and features that solve macOS’s several annoyances and add improvements that upgrade the experience. 

While it will be hard to cover all its features in a single article, here are my favorite Supercharge features that have single-handedly improved my Mac experience. They've become such an integral part of my workflow that I now miss them whenever I use a Mac without Supercharge.

Read more
What is Copilot? Everything you need to know about Microsoft’s AI assistant
There’s a Copilot for almost everything now. Here’s which one you need
Microsoft Copilot Banner Featured

Microsoft has attached the Copilot name to so many products that a simple question like "What is Copilot?" now needs a little more context. There is the main Microsoft Copilot chatbot, Copilot inside Microsoft 365, GitHub Copilot for developers, Gaming Copilot for Xbox users, and a separate category of Windows laptops called Copilot+ PCs.

For most people, Microsoft Copilot means the company’s general-purpose AI assistant. So you'd expect it to answer questions, search the web, generate and edit images, and the rest of the usual AI chatbot features. You can access it through a browser or dedicated apps for Windows, macOS, Android, and iOS. It is also integrated into Microsoft Edge, the Xbox mobile app, and Game Bar on Windows 11.

Read more
I tried to parody the most absurd AI products, but the tech industry beat me to it
The joke was supposed to be that every household object gets cameras, AI insights, and a premium tier. Apparently, that’s now a business plan
Imaginary AI products

I wanted to invent an AI product so silly that no founder could turn it into a seed round.

It had to solve a problem nobody had, collect far more data than the problem deserved, and turn normal behavior into an insight that sounded vaguely disappointed in its owner. Somewhere around the third feature, it would ask for a subscription.

Read more