In association with heise online

23 August 2012, 09:58

Another backdoor in networking hardware for industrial systems

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

"Rugged environments" such as those in power plants and at military sites are the main area where Rugged OS is used.
Source: RuggedCom
Security researcher Justin W. Clarke reports that all systems based on the proprietary Rugged OS use a hard-coded private RSA key to encrypt their secure SSL connections. As recently as April, the same researcher discovered undocumented backdoors in devices from Siemens subsidiary RuggedCom that are mainly used in power plants, in military environments and in traffic control.

The private key would allow intruders to intercept network traffic that is protected via SSL. The ICS-CERT, which specialises in industrial control systems, has now released an alertPDF to inform the operators of critical infrastructure components of this potential danger. The ICS-CERT says that it is working with the developers and the security researcher to "identify mitigations". It seems that the researcher didn't want to repeat his previous effort this time – last time, Clarke notified the Canadian company of the security holes in a confidential report, but the company didn't fix them for over a year.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit