One port-enabled device uncovered during the research had remained in a fully authenticated state for more than 990 straight hours because an administrator failed to log off the system, he said.
In addition, terminal server devices often come with default passwords and backdoors that are left in place. Many of these systems also have weak or non-existent encryption technologies to protect communications, he said.
The fact that a large number of terminal servers connect via cellular and 3G networks means that they are outside a traditional firewall and, therefore, much harder to protect, he said.
Moore's recommendations for protecting terminal servers include the use of strong passwords and non-default user names, authentication to access serial ports and the use of encrypted services such as SSL and SSH to access the devices.
Sign up for CIO Asia eNewsletters.