Posted on 01/19/2016 7:35:57 PM PST by Utilizer
Internet-connected industrial devices could be accessible to anyone, with no password, thanks to a coding error by a gateway manufacturer.
Taiwanese firm Advantech patched the firmware in some of its serial-to-IP gateway devices in October to remove a hard-coded SSH (Secure Shell) key that would have allowed unauthorized access by remote attackers.
But it overlooked an even bigger problem: Any password will unlock the gateways, which are used to connect legacy serial devices to TCP/IP and cellular networks in industrial environments around the world.
Researchers from security firm Rapid7 discovered the vulnerability in the revised firmware, version 1.98, released for the Advantech EKI-1322 Internet protocol (IP) gateway, which can connect serial and Ethernet devices to a cellular network.
The firmware contains an open-source SSH server called Dropbear that has been heavily modified. As a result of these modifications, it no longer enforces authentication, allowing any user to connect to it with any public key and password, the Rapid7 researchers said in an advisory.
(Excerpt) Read more at csoonline.com ...
Coding “error”.
All your robot are belong to crackers. ;-)
Thank you, Reverant Al! (Just kidding, mate! :) )
LOL! I’m a linguistic Luddite.
For folks who didn’t “hack” circa mid-1990s and before, a hacker is one who tries risky code modifications, trial and error to get some package or feature working. A cracker is one who covets, sodomizes and violates the systems of others.
NetBSD is a great embedded system, by the way, for anyone with more time, less money and high reliability standards and security standards for industrial controls.
ICS SCADA information security Ping.
Maybe you can explain the difference between KNOS secure desktop and Tails ..... if ya have time.