Rectifier exploits « IT Security Geeks

Ever changing faces of vulnerabilities.

McAfee’s latest proof-of-concept showed the ability to seriously injure someone with a direct cyber attack. This involved an attack on an insulin implant pump. The pump could be induced to fully discharge it’s contents. In a diabetic, this will cause¬†hypoglyc√¶mia. This may result in death or brain damage if prolonged.

We’d like to congratulate Barnaby Jack for bringing attention to this.

We at I.T. Security geeks have long held the belief that this sort of thing is possible. While our focus has largely been directed at conventional, common place vulnerabilities we spend a fair amount of time working with obscure appliances and identifying issues with those products.

In my own area of influence, I’ve exploited rectifiers in controlled circumstances to effect power failures and fires (Easier than Jack’s Medtronic exploit, as you really don’t need to have much knowledge and most rectifiers are deployed with factory default PIN codes for administrator access). Don’t believe me? One of the world’s foremost suppliers of DC power systems has a default password for the user: “Admin” that is: “1”

Yes, the number 1.

I have personally accessed production power systems in operators where this default was discovered, and upon making my recommendations for immediate action was told, “No. We keep it like that to make it easier for our technicians.” or “We don’t perceive a problem with that.”

No perceived problem? How so? The manual for this particular device tells me:

The User has full access to all menus; including update the OS application and modifying, adding, and deleting Users.

Via the WEB Interface, a User (with proper access level) can:

View real-time operating information (rectifiers, converters, AC, DC, Batteries, etc.).

View and download information recorded in logs.

Send control commands.

Set programmable parameters.

Download and upload configuration files.

Download firmware to the Controller.

 

Curious, is it not?

 

I truly guarantee that if you are a telecommunications operator or co-location provider, you have this vendor’s product somewhere in your network. Call us to chat.