- 'Military specification' equipment used by U.S. forces and Navy
- Researcher uncovers easily 'hackable' back door
- Standard password allows even unskilled hackers access
- Company acknowledges problem - but just advises users to disconnect
By Rob Waugh
A 'back door' in supposedly 'ultra-secure' systems offered by a Canadian security company has left the U.S. military vulnerable to foreign cyber attack.
Ruggedcom, which markets its 'high security' equipment as 'military specification', has a 'back door' that even unskilled hackers could penetrate.
An easily crackable password could give hackers access to the systems - which are often used to control military equipment, traffic systems and even power grids.
The Canadian company behind the equipment is keen to boast of its 'military-grade' security.
'The RuggedSwitch family of rugged Ethernet switches are specifically designed to operate reliably in harsh military environments,' says the company.
'Ideally suited for a number of military applications including navy, army, and air force, these products are ideal for creating mission-critical, real-time, control applications in many harsh and 'extreme' operating environments.'
Except, of course, the equipment is completely unprotected against malicious hackers, it is claimed.
The devices have a single, unchangeable username - factory - and hackers can access them using a MAC address - information that is often publicly available.
'They knew it was there,' security researcher Justin W Clarke told Wired's Threat Level blog. 'They stopped communicating with me after that.'
Since Clarke's discovery, Ruggedcom has issued a statement urging users to disconnect their equipment - but has yet to fix the problem.
'RuggedCom recommends to our ROS customers that they disable device access via Telnet and RSH after initial device configuration is complete. Leaving these protocols enabled represents a security issue that is currently under investigation by RuggedCom,' says the company.
'RuggedCom is continuing to investigate this issue and will provide updates as more information becomes available.'