Slashdot Mirror

← Back to Stories (view on slashdot.org)

Private Key Found Embedded In Major SCADA Equipment

Posted by Soulskill on from the you-didn't-think-this-through dept.

sl4shd0rk writes "RuggedOS (A Siemens Subsidiary of Flame and Stuxnet fame), an operating system used in mission-critical hardware such as routers and SCADA gear, has been found to contain an embedded private encryption key (PDF). Now that all affected RuggedCom devices are sharing the same key, a compromise on one device gets you the rest for free. If the claims are valid, systems in use which would be affected include U.S. Navy, petroleum giant Chevron, and the Wisconsin Department of Transportation. The SCADA gear which RuggedOS typically runs on is often connected to machinery controlling electrical substations, traffic control systems, and other critical infrastructure. This is the second security nightmare for RuggedCom this year, the first being the discovery of a backdoor containing a non-modifiable account."

3 of 105 comments (clear)

  1. Of course it has a private key by Anonymous Coward · · Score: 5, Insightful

    That part isn't the story. The story is the fact that they all have the same one. That part is insanity. Without key lifecycle management, including creation, distribution, and revocation, you might as well not use asymmetric encryption at all.

  2. Re:Rule One by Spritzer · · Score: 4, Insightful

    The proper term is "Erotic Interaction Specialist" and the name is all part of the experience that you're paying for.

  3. Re:Well... Surprise! Surprise! Surprise! by CanHasDIY · · Score: 4, Insightful

    And what do you want to bet that the backdoor came from an unfriendly foreign power in the form of an intern or a contract programmer?

    Meh; gross incompetence is far more likely, considering history...

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese