Kamis, 26 April 2012

'Back door' leaves factories, traffic control systems and even U.S. military equipment open to cyber attacks

'Back door' leaves factories, traffic control systems and even U.S. military equipment open to cyber attacks

  • 'Military specification' equipment used by U.S. forces and Navy
  • Researcher uncovers easily 'hackable' back door
  • Standard password allows even unskilled hackers access
  • Company acknowledges problem - but just advises users to disconnect

By Rob Waugh

|


A 'back door' in supposedly 'ultra-secure' systems offered by a Canadian security company has left the U.S. military vulnerable to foreign cyber attack.

Ruggedcom, which markets its 'high security' equipment as 'military specification' has a 'back door' that even unskilled hackers could penetrate.

An easily crackable password could give hackers access to the systems - which are often used to control military equipment, traffic systems and even power grids.

uggedcom, which markets its 'high security' equipment as 'military specification' has a 'back door' that even unskilled hackers could penetrate

Ruggedcom, which markets its 'high security' equipment as 'military specification' has a 'back door' that even unskilled hackers could penetrate

The Canadian company behind the equipment is keen to boast of its 'military-grade' security.

'The RuggedSwitch family of rugged Ethernet switches are specifically designed to operate reliably in harsh military environments,' says the company.

'Ideally suited for a number of military applications including navy, army, and air force, these products are ideal for creating mission-critical, real-time, control applications in many harsh and 'extreme' operating environments.'

Except, of course, the equipment is completely unprotected against malicious hackers, it is claimed.

The devices have a single, unchangeable username - factory - and hackers can access them using a MAC address - information that is often publicly available.

'They knew it was there,' security researcher Justin W Clarke told Wired's Threat Level blog. 'They stopped communicating with me after that.'

'The RuggedSwitch family of rugged Ethernet switches are specifically designed to operate reliably in harsh military environments,' says the company

'The RuggedSwitch family of rugged Ethernet switches are specifically designed to operate reliably in harsh military environments,' says the company

Since Clarke's discovery, Ruggedcom has issued a statement urging users to disconnect their equipment - but has yet to fix the problem.

'RuggedCom recommends to our ROS customers that they disable device access via Telnet and RSH after initial device configuration is complete. Leaving these protocols enabled represents a security issue that is currently under investigation by RuggedCom,' says the company.

'RuggedCom is continuing to investigate this issue and will provide updates as more information becomes available.'





Tidak ada komentar:

Posting Komentar