Equipment Maker Caught Installing Backdoor Account in Control System Code

EncryptedBytes · May 2, 2012

Source

A Canadian company that makes equipment and software for critical industrial control systems planted a backdoor login account in its flagship operating system, according to a security researcher, potentially allowing attackers to access the devices online.

The backdoor, which cannot be disabled, is found in all versions of the Rugged Operating System made by RuggedCom, according to independent researcher Justin W. Clarke, who works in the energy sector. The login credentials for the backdoor include a static username, “factory,” that was assigned by the vendor and can’t be changed by customers, and a dynamically generated password that is based on the individual MAC address, or media access control address, for any specific device.
Click to expand...

chronomatic · May 2, 2012

EncryptedBytes said:

Source
Click to expand...

I am sure this type of thing has been going on for a long time, either because governments (TLA's) tell them to or just because they are stupid. The problem with government backdoors is they sound good on paper, but they also introduce vulnerabilities that the "bad guys" can also take advantage of. The guy who discovered this flaw basically did it from his basement. Do we want to trust "mission critical" systems for the power grid that some guy from his basement can hack?

Log in or Sign up

Equipment Maker Caught Installing Backdoor Account in Control System Code

EncryptedBytes Registered Member

chronomatic Registered Member

Log in or Sign up

Equipment Maker Caught Installing Backdoor Account in Control System Code

EncryptedBytes Registered Member

chronomatic Registered Member

Useful Searches