news4geeks.net
26 Apr 2012

Backdoor in industrial networking hardware



ROS is designed for service with electricity suppliers and in the transport and defence sectors

The Rugged Operating System (ROS), an operating system created by the developers at RuggedCom, contains an undocumented backdoor. RuggedCom, a Siemens subsidiary, specialises in industrial grade networking equipment for "harsh environments" and recommends its switches and servers for use in power plants, oil refineries, military environments and traffic monitoring systems.

A posting on a security mailing list has now documented that all ROS systems have a "factory" user account that, the author says, cannot be disabled. Its password is derived from the hardware address of the network interface; a small Perl script demonstrates how the MAC address 00-0A-DC-00-00-00 turns into the password 60644375.

A user on the same network as the system will have no problem finding out the MAC address. As a workaround until a fix has been released, the US-CERT recommends that the affected systems' Telnet and RSH services be disabled; however, it is unclear whether the backdoor account is also accessible via SSH or HTTPS services.
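The workaround above can be checked from an administration host. The following is an added example, not part of the original article or of any vendor tooling: it picks devices out of `ip neigh` output by MAC prefix and reports which of them still accept Telnet or RSH connections. Using the 00-0A-DC prefix of the article's sample MAC as the vendor prefix is an assumption, and the neighbour table shown is constructed.

```python
import re
import socket

# Assumption: the 00-0A-DC prefix of the article's sample MAC is used as the
# vendor prefix to look for; adjust it to match your own asset inventory.
VENDOR_PREFIX = "000adc"
# Services US-CERT recommends disabling: Telnet (TCP 23) and RSH (TCP 514).
RISKY_PORTS = {"telnet": 23, "rsh": 514}

# Matches IPv4 entries of `ip neigh` that carry a link-layer address.
NEIGH_LINE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s.*?lladdr\s+(?P<mac>[0-9A-Fa-f:.-]{12,17})\b"
)

def normalize_mac(mac):
    """Strip separators and lowercase so any MAC notation compares equal."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def find_vendor_hosts(neigh_output, prefix=VENDOR_PREFIX):
    """Return {ip: mac} for neighbour entries whose MAC starts with prefix."""
    hosts = {}
    for line in neigh_output.splitlines():
        m = NEIGH_LINE.match(line.strip())
        if m and normalize_mac(m["mac"]).startswith(prefix):
            hosts[m["ip"]] = m["mac"]
    return hosts

def port_open(host, port, timeout=1.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(neigh_output, ports=RISKY_PORTS, timeout=1.0):
    """Map each matching host to the listed services still accepting connections."""
    return {
        ip: sorted(n for n, p in ports.items() if port_open(ip, p, timeout))
        for ip in find_vendor_hosts(neigh_output)
    }

# Constructed sample in `ip neigh` format (documentation addresses, not real hosts).
SAMPLE = """\
192.0.2.10 dev eth0 lladdr 00:0a:dc:12:34:56 REACHABLE
192.0.2.11 dev eth0 lladdr 3c:52:82:aa:bb:cc STALE
192.0.2.12 dev eth0 FAILED
192.0.2.13 dev eth0 lladdr 00:0A:DC:00:00:01 DELAY
"""

if __name__ == "__main__":
    # Inventory step only; pass real `ip neigh` output to audit() to probe ports.
    for ip, mac in find_vendor_hosts(SAMPLE).items():
        print(ip, mac)
```

An empty list for a host means neither service answered; because the article notes it is unclear whether the account is reachable over SSH or HTTPS, a clean result here covers only the two services named in the workaround.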

The timeline of this incident is particularly troubling for customers concerned about timely fixes, as RuggedCom appears to have been contacted by the discoverer of the backdoor over a year ago. Apparently, the company confirmed knowledge of this backdoor but didn't show any willingness to fix it. After the US-CERT was notified and communicated with the Siemens affiliate, also, it appears, without success, the issue was publicly disclosed by US-CERT. Siemens fully acquired Canadian firm RuggedCom for almost $400 million earlier this year.

(Source: h-online.com)

 
