Another backdoor in networking hardware for industrial systems
Security researcher Justin W. Clarke reports that all systems based on the proprietary Rugged OS use a hard-coded private RSA key to encrypt their secure SSL connections. As recently as April, the same researcher discovered undocumented backdoors in devices from Siemens subsidiary RuggedCom that are mainly used in power plants, in military environments and in traffic control.
The private key would allow intruders to intercept network traffic that is protected via SSL. The ICS-CERT, which specialises in industrial control systems, has now released an alert to inform the operators of critical infrastructure components of this potential danger. The ICS-CERT says that it is working with the developers and the security researcher to "identify mitigations". It seems that the researcher didn't want to repeat his previous effort this time – last time, Clarke notified the Canadian company of the security holes in a confidential report, but the company didn't fix them for over a year.
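A check operators can run for this class of problem, given here as an added example that is not part of the original article: hash the public key (SubjectPublicKeyInfo) of each device's certificate, rather than the whole certificate, and flag devices that present the same key. The host names, the function names and the skeleton DER certificates are constructed for illustration; real input would be the DER certificates collected from the devices.

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, end_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split a constructed value into (tag, value, raw_encoding) triples."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, end = read_tlv(value, pos)
        out.append((tag, val, value[pos:end]))
        pos = end
    return out

def spki_sha256(cert_der):
    """SHA-256 over the certificate's SubjectPublicKeyInfo only."""
    _, cert_body, _ = read_tlv(cert_der, 0)
    fields = children(children(cert_body)[0][1])     # fields of tbsCertificate
    if fields[0][0] == 0xA0:                         # skip the optional [0] version
        fields = fields[1:]
    return hashlib.sha256(fields[5][2]).hexdigest()  # serial, sigAlg, issuer, validity, subject, SPKI

def shared_keys(certs):
    """Map SPKI hash -> hosts, keeping only keys presented by more than one host."""
    groups = defaultdict(list)
    for host, der_bytes in certs.items():
        groups[spki_sha256(der_bytes)].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}

# Constructed sample data: skeleton certificates, not real device certificates.
def der(tag, body):                                  # short-form lengths only (body < 128 bytes)
    return bytes([tag, len(body)]) + body

def sample_cert(serial, subject, key):
    empty = der(0x30, b"")                           # stands in for sigAlg, issuer, validity
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + empty + empty + empty + der(0x30, subject) + der(0x30, key))
    return der(0x30, tbs + empty + der(0x03, b"\x00"))

FLEET = {"switch-a": sample_cert(1, b"switch-a", b"KEY-ONE"),
         "switch-b": sample_cert(2, b"switch-b", b"KEY-ONE"),  # same key, different certificate
         "router-c": sample_cert(3, b"router-c", b"KEY-TWO")}
```

Comparing the key instead of the certificate matters because two devices can present certificates that differ in serial number or subject while still sharing one key pair.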