Another backdoor in networking hardware for industrial systems

Another backdoor in networking hardware for industrial systems.


“Rugged environments” such as those in power plants and at military sites are the main area where Rugged OS is used. 
Source: RuggedCom
Security researcher Justin W. Clarke reports that all systems based on the proprietary Rugged OS use a hard-coded private RSA key to encrypt their secure SSL connections. As recently as April, the same researcher discoveredundocumented backdoors in devices from Siemens subsidiary RuggedComthat are mainly used in power plants, in military environments and in traffic control.

The private key would allow intruders to intercept network traffic that is protected via SSL. The ICS-CERT, which specialises in industrial control systems, has now released an alertPDF to inform the operators of critical infrastructure components of this potential danger. The ICS-CERT says that it is working with the developers and the security researcher to “identify mitigations”. It seems that the researcher didn’t want to repeat his previous effort this time – last time, Clarke notified the Canadian company of the security holes in a confidential report, but the company didn’t fix them for over a year.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s