Backdoor In RuggedOS Systems: Infrastructure, Military Systems Vulnerable
FhnuZoag writes "A backdoor has been found in Canadian-based RuggedCom's 'Rugged Operating System', providing easy access to anyone with the device's MAC address — something often publicly displayed. Rugged OS is being used in a wide range of applications, including traffic control, power generation, and even U.S. Navy bases. The backdoor was first found over a year ago, and RuggedCom have so far refused to patch out the exploit."
The exploit is trivial: each device has a permanent "factory" user, and an automatically generated password derived from the MAC.
never get involved in a land war in Asia Never go against a Sicilian when death is on the line
It really isn't 6 bytes either. Since RuggedCom has two registered MAC OUIs (grep for "RuggedCom"), it's only 24 bits to brute-force over two possible 3-byte manufacturer prefixes.
Yeah. Fail-flavored failure-stuffed failure topped with fail gravy.
Welcome to the Panopticon. Used to be a prison, now it's your home.