Slashdot Mirror

← Back to Stories (view on slashdot.org)

Backdoor In RuggedOS Systems: Infrastructure, Military Systems Vulnerable

Posted by Unknown on Wednesday April 25, 2012 @03:44AM from the steal-me-up-some-electricity dept.

FhnuZoag writes "A backdoor has been found in Canadian based RuggedCom's 'Rugged Operating System', providing easy access to anyone with the devices's MAC address — something often publically displayed. Rugged OS is being used in a wide range of applications, including traffic control, power generation, and even U.S. Navy bases. The backdoor was first found over a year ago, and RuggedCom have so far refused to patch out the exploit." The exploit is trivial: each device has a permanent "factory" user, and an automatically generated password derived from the MAC.

2 of 154 comments (clear)

Min score:

Reason:

Sort:

PCI-DSS and others by Alioth · 2012-04-25 03:58 · Score: 5, Interesting

Using this device would mean you would fail PCI-DSS and probably a few other widely used standards (ISO-27001 for example). One of the first requirements in these standards is that default vendor passwords be changed. You can't change it or even disable it.

--
Oolite: Elite-like game. For Mac, Linux and Windows
1. Re:PCI-DSS and others by h4rr4r · 2012-04-25 04:02 · Score: 4, Interesting
  
  From what I have seen, the PCI audit company would pass you anyway or the company would find another that would pass them. This is the main problem with PCI. As the entity that is being certified pays for the service they choose an auditor that will pass them. The correct way to do it would be if the industry paid for this service.