Backdoor Account Found On Devices Used By White House, US Military

An anonymous reader writes: A hidden backdoor account was discovered embedded in the firmware of devices deployed at the White House and in various US Military strategic centers, more precisely in AMX conference room equipment. The first account was named Black Widow, and after security researchers reported its presence to AMX, the company's employees simply renamed it to Batman thinking nobody will notice. AMX did remove the backdoor after three months. In its firmware's official release notes, AMX claimed that the two accounts were only used for debugging, just like Fortinet claimed that its FortiOS SSH backdoor was used only internally by a management protocol.

Just What the Government Wants - Backdoors

[BoRegardless]

That way they can monitor EVERYTHING, everywhere, including subversives in the White House that might foil FBI, NSA & CIA operations.

Distinctions

[Bovius]

"AMX claimed that the two accounts were only used for debugging,"

No, you only use them for debugging.

Even if we choose to trust that you're not using these accounts for nefarious purposes (which we shouldn't), that's not the point. The point is that they exist at all, and just because you created them doesn't mean someone else cannot use them.

Re:Distinctions

Locking a couple of executives up for endangering national security might be the single best thing anyone could do to prevent this type of thing in the future.

One might hope this illustrates danger of backdoor

[DutchUncle]

.... but somehow I doubt that the anti-encryption crowd will get the point. Instead they'll point out how they, as government, are a different category.