Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Vulnerable terminal servers could let bad guys hack stoplights, gas pumps

Jaikumar Vijayan | April 25, 2013
Industrial control systems, traffic signal controllers, fuel pumps are easily hacked via poorly configured serial port systems, Rapid7 says

One port-enabled device uncovered during the research had remained in a fully authenticated state for more than 990 straight hours because an administrator failed to log off the system, he said.

In addition, terminal server devices often come with default passwords and backdoors that are left in place. Many of these systems also have weak or non-existent encryption technologies to protect communications, he said.

The fact that a large number of terminal servers connect via cellular and 3G networks means that they are outside a traditional firewall and, therefore, much harder to protect, he said.

Moore's recommendations for protecting terminal servers include the use of strong passwords and non-default user names, authentication to access serial ports and the use of encrypted services such as SSL and SSH to access the devices.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.