April 25, Ars Technica – (International) Backdoor in mission-critical hardware threatens power, traffic-control systems. Equipment running RuggedCom's Rugged Operating System networking gear has an undocumented account that cannot be modified and a password that is trivial to crack. According to researchers, for years the company did not warn the power utilities, military facilities, and municipal traffic departments using the industrial-strength gear that the account can give attackers the means to sabotage operations that affect the safety of many people. The backdoor uses the login ID of "factory" and a password recovered by plugging the media access control (MAC) address of the targeted device into a simple Perl script, according to a post published April 23 to the Full Disclosure security list. To make unauthorized access easy, paying customers of the Shodan computer search engine can find the IP numbers of more than 60 networks that use the vulnerable equipment. The first thing users who telnet into them see is the device's MAC address. Equipment running the Rugged Operating System acts as the switches and hubs that connect programmable logic controllers to the computer networks used to send them commands. It may lie between the computer of an electric utility employee and the compact disk-sized controller that breaks a circuit when the employee clicks a button on their screen. To give the equipment added power, Rugged Operating System is fluent in the Modbus and DNP3 communications protocols used to natively administer industrial control and supervisory control and data acquisition systems. The U.S. Navy, the Wisconsin Department of Transportation, and Chevron are just three of the customers who rely on the gear, according to RuggedCom's Web site.
Ali Loney, on April 25, 2012