Sunday, August 10, 2014

TSA checkpoint computer reachable from the Internet

And by "reachable" I mean subject to rubber-gloved probulation:
LAS VEGAS — Black Hat USA — A Transportation Safety Administration (TSA) system at airport security checkpoints contains default backdoor passwords, and one of the devices running at the San Francisco Airport was sitting on the public Internet.
Renowned security researcher Billy Rios, who is director of threat intelligence at Qualys, Wednesday here at Black Hat USA gave details on security weaknesses he discovered in both the Morpho Detection Itemiser 3 trace-explosives and residue detection system, and the Kronos 4500 time clock system used by TSA agents to clock in and out with their fingerprints, which could allow an attacker to easily gain user access to the devices.

Device vendors embed hardcoded passwords for their own maintenance or other technical support.
Airport security?  We have Top Men working on it.  Top.  Men.

5 comments:

  1. Oh, great! Now some hacker is going to download my x-ray scan and hang it in his ‘spanky room’. I feel so dirty and violated.

  2. Things never change ... do they?

  3. There's a reason we put all of our Kronos clocks on a separate VLAN. And disabled network services like TELNET on them that we don't use.

    They have to be on a network for communications. It's the architecture of the system. But on a public network? That's an oops.

    I'm not saying ours is a perfect implementation, but you can only access the clocks from our network via a machine on the correct VLAN. And access to those machines is controlled.

    Whoever designed their Kronos implementation did it poorly.
