Slashdot Mirror

← Back to Stories (view on slashdot.org)

Private Key Found Embedded In Major SCADA Equipment

Posted by Soulskill on from the you-didn't-think-this-through dept.

sl4shd0rk writes "RuggedOS (A Siemens Subsidiary of Flame and Stuxnet fame), an operating system used in mission-critical hardware such as routers and SCADA gear, has been found to contain an embedded private encryption key (PDF). Now that all affected RuggedCom devices are sharing the same key, a compromise on one device gets you the rest for free. If the claims are valid, systems in use which would be affected include U.S. Navy, petroleum giant Chevron, and the Wisconsin Department of Transportation. The SCADA gear which RuggedOS typically runs on is often connected to machinery controlling electrical substations, traffic control systems, and other critical infrastructure. This is the second security nightmare for RuggedCom this year, the first being the discovery of a backdoor containing a non-modifiable account."

4 of 105 comments (clear)

  1. Well... Surprise! Surprise! Surprise! by gestalt_n_pepper · · Score: 5, Interesting

    And what do you want to bet that the backdoor came from an unfriendly foreign power in the form of an intern or a contract programmer? Takers? Any takers on that action?

    Note to Siemens and the US military: You are not magically protected from software sabotage, particularly when you farm out your software production overseas.

    --
    Please do not read this sig. Thank you.
    1. Re:Well... Surprise! Surprise! Surprise! by FhnuZoag · · Score: 4, Interesting

      We're talking about a Canadian company who, when confronted with the backdoor earlier this year, refused to fix it. So it's safe to say that the company just doesn't care about security. Check you sinophobia at the door, please.

  2. Re:Rule One by Anonymous Coward · · Score: 2, Interesting

    I couldn't help but notice that one of the players on the U.S. women's volleyball Olympic team was named "Destiny Hooker." I don't know what her parents had in mind for her, but she is a hell of a volleyball player.

  3. Re:Not a surprise by FhnuZoag · · Score: 4, Interesting

    RuggedOS was a recent acquisition by Seimens from a Canadian firm, who had various security worries before its sale, but took care to suppress such news to preserve its valuation. It's doubtful there's any German government involvement. What actually seems to have happened is that the RuggedOS was just a huge turd of a product, which its new owners are slowly coming to discover.