Justin Clark, who back in April pinged industrial control vendor RuggedCom over a backdoor that existed in control systems based on its ROS operating system, has turned up a second vulnerability in the form of a hard-coded RSA key. The original backdoor was a simple undocumented account designed to provide admin access in case …
Honestly an undocumented account in this day and age? They must be keen on committees to decide features over @rugged as it certainly sounds like a committee decision. As for the hard-coded RSA key........
Fact is you should not be losing the info that allows you to manage such expensive high-reliance devices, store it securely ffs. Best working practise anyone? .....Guess not especially when you produce smart grid management devices.
Imagine that meeting when the idea got forced on the programmers
Manager1: Hey 5% of our customers have needed help regaining control of our devices over the last financial year. It's costing us to much to provide support to them.
Manager2: How about a super uber secret backdoor to allow them to regain control without having to contact us for support? Thus lowering our support costs even though our parent company *cough* prides it's self on being a service orientated provider of many technologies.
Manager3: Is that unsafe? An attackvectorthingymajig?
manager2: Ok.....(bleet bleet)
Manager3: Ok.....(bleet bleet)
Manager1: Done for the day gents. I'm off for some steak and strippers on the company coin!
- Vid Google opens Inbox – email for people too thick to handle email
- RUMPY PUMPY: Bone says humans BONED Neanderthals 50,000 years B.C.
- Pic Forget the $2499 5K iMac – today we reveal Apple's most expensive computer to date
- Geek's Guide to Britain Kingston's aviation empire: From industry firsts to Airfix heroes
- Is your home or office internet gateway one of '1.2 MILLION' wide open to hijacking?