Sign in to follow this  
Followers 0
RVaughan

Equipment Maker Caught Installing Backdoor Account in Control System Code

5 posts in this topic

http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/ Hmm... What need does the equipment maker have for a backdoor in installed equipment? What right do they have? Will this behavior affect the industry's purchasing decisions? Edited by RVaughan

Share this post


Link to post
Share on other sites
Interesting, thanks

Share this post


Link to post
Share on other sites
I have never used these products before, nor ever even considered them for a project. I do not know their motives, either, but consider at least that it is a useful feature for end users who lose their passwords. This would enable them to provide a reset password for a device, and not give away 'root' access to all devices everywhere. I know of other devices that have this capability of a reset mechanism based on MAC address. I would prefer it not exist, but I see the point. I read the article with interest and what bothers me is not so much the backdoor - but the ease at which it was cracked (bad) and the fact they blew it off (even worse). I checked their website - they have security products - who would trust those products now - knowing how they deal (or don't deal) with security issues? Unacceptable.

Share this post


Link to post
Share on other sites
In today's integrated world and potential to damage or do harm in a power or water network there is no room for a "back door" in any of its devices especially one that gives an outsider access to the network, either onsite or offsite. If they need a means of overcoming a lost log-on it needs to be a way to set the unit back to factory defaults, which would take it off the network and necessitate a new configuration and/or program. Edited by RussB

Share this post


Link to post
Share on other sites
And for safety the ability to reset to Factory Defaults must be done by either a validated logged on admin user or by being physically present at the device.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0