Thursday, August 23, 2012

Secret key found in RuggedCom devices

Dangerous vulnerability found in RuggedCom SCADA systems


ICS-CERT, the American organization that responds to cyber threats, said that the encryption system in RuggedCom network infrastructure devices is vulnerable. The vulnerability allows an attacker to view the contents of network packets sent and received by a device running the Rugged operating system.

An embedded secret key used for SSL encryption was found in RuggedOS (ROS), the operating system made by Canada's RuggedCom (a subsidiary of Siemens). RuggedOS is installed in a variety of mission-critical systems, such as routers and SCADA systems, and if all the devices in a network use the same secret key, the compromise of one device makes it possible to exploit the rest.


Users of RuggedCom devices include, for example, the U.S. Navy, the oil giant Chevron and the Wisconsin Department of Transportation.

"ICS-CERT is aware of a report of a hard-coded RSA SSL private key in the Rugged Operating System (ROS) from RuggedCom," the agency's notification states. "The vulnerability, with PoC code, was publicly presented by Justin W. Clarke of Cylance Inc."

"On August 9 the private key was successfully extracted from the firmware, and then, on August 17, presented at the BSidesLA 2012 conference," Clarke said on a mailing list. "This vulnerability does not allow bypassing the authentication process. It allows an attacker only to decrypt the SSL connection between the end user's web browser and the RuggedCom device."

The existence of this vulnerability could allow a "man in the middle" attack and the theft of, for example, the authentication data of a network infrastructure administrator.

Note that in April of this year ICS-CERT reported a backdoor in ROS that allows an attacker to gain unauthorized access to the device. In June the manufacturer released an update to the platform in which the backdoor was removed.

RuggedCom produces hardware used for traffic management systems, railway communications and power plants, as well as in military facilities.

The company's Rugged equipment works as a bridge between programmable logic controllers and the computer networks used to send commands. These devices sit between the staff workstation and a controller that breaks the circuit to the operator. Rugged devices support the Modbus and DNP3 communication protocols, which are used for direct control of SCADA systems. The company's customers include such giants as the U.S. Navy, the Wisconsin Department of Transportation and the energy company Chevron.

ICS-CERT, the incident emergency response organization, has released a security bulletin describing a vulnerability in key management. Reportedly, information about the vulnerability and a proof-of-concept exploit were published by Justin W. Clarke, an employee of Cylance. He showed how SSL traffic between the end user and a device running RuggedOS can be decrypted.

ICS-CERT informed the equipment manufacturer about the vulnerability and asked it to confirm the presence of the hole and to explain how to protect against potential attacks. So far there is no information about such methods. ICS-CERT recommends minimizing the number of RuggedCom devices exposed to outside networks, isolating the devices from your network and using a VPN for remote access.

In an interview with Reuters, Justin Clarke mentioned the possibility of hacker attacks on networks that use RuggedCom equipment. According to experts, this type of attack will be cheap and effective.
