Justin Clark, who back in April pinged industrial control vendor RuggedCom over a backdoor that existed in control systems based on its ROS operating system, has turned up a second vulnerability in the form of a hard-coded RSA key. The original backdoor was a simple undocumented account designed to provide admin access in case …
Honestly an undocumented account in this day and age? They must be keen on committees to decide features over @rugged as it certainly sounds like a committee decision. As for the hard-coded RSA key........
Fact is you should not be losing the info that allows you to manage such expensive high-reliance devices, store it securely ffs. Best working practise anyone? .....Guess not especially when you produce smart grid management devices.
Imagine that meeting when the idea got forced on the programmers
Manager1: Hey 5% of our customers have needed help regaining control of our devices over the last financial year. It's costing us to much to provide support to them.
Manager2: How about a super uber secret backdoor to allow them to regain control without having to contact us for support? Thus lowering our support costs even though our parent company *cough* prides it's self on being a service orientated provider of many technologies.
Manager3: Is that unsafe? An attackvectorthingymajig?
manager2: Ok.....(bleet bleet)
Manager3: Ok.....(bleet bleet)
Manager1: Done for the day gents. I'm off for some steak and strippers on the company coin!