Originally posted by BULLPIN
RuggedCom is a Canadian company (recently acquired by Siemens) that manufactures electronic equipment used in sensitive military and industrial "mission-critical" communication networks that operate power grids, railway traffic control systems and manufacturing facilities. Apparently, all versions of the Rugged Operating System, created by RuggedCom, had a back-door vulnerability that cannot be disabled. It featured a static username that could not be changed by customers and a dynamically generated password based on the device's MAC address. This built-in feature was not disclosed to customers using their devices.
RuggedCom's inclusion of the back-door without disclosure is irresponsible, at best, and perhaps even criminal. It begs the question: Was it built in under the direct orders of a Government or was it the result of an internally-made corporate decision? Stuxnet and Duqu were two things that immediately came to my mind. The recent Siemens acquisition of RuggedCom also adds an interesting twist to the plot. I'm simply thankful that the vulnerability wasn't discovered and exploited to ill effect. Thanks go out to Justin Clarke for finding and exposing this problem.