Airport security? We have Top Men working on it. Top. Men.LAS VEGAS — Black Hat USA — A Transportation Safety Administration (TSA) system at airport security checkpoints contains default backdoor passwords, and one of the devices running at the San Francisco Airport was sitting on the public Internet.Renowned security researcher Billy Rios, who is director of threat intelligence at Qualys, Wednesday here at Black Hat USA gave details on security weaknesses he discovered in both the Morpho Detection Itemiser 3 trace-explosives and residue detection system, and the Kronos 4500 time clock system used by TSA agents to clock in and out with their fingerprints, which could allow an attacker to easily gain user access to the devices.
Device vendors embed hardcoded passwords for their own maintenance or other technical support.
Sunday, August 10, 2014
TSA checkpoint computer reachable from the Internet
And by "reachable" I mean subject to rubber-gloved probulation:
So Top Men = lowest bidder?
ReplyDeleteOh, Great! Now some hacker is going to download my x-ray scan and hang it in his ‘spakny room’. I feel so dirty and violated.
ReplyDeleteThings never change ... do they?
ReplyDeletePar for the course.....
ReplyDeleteThere's a reason we put all of our Kronos clocks on a separate VLAN. And disabled network services like TELNET on them that we don't use.
ReplyDeleteThey have to be on a network for communications. It's the architecture of the system. But on a public network? That's an oops.
I'm not saying our is a perfect implementation, but you can only access the clocks from our network via a machine on the correct VLAN. And access to those machines is controlled.
Whoever designed their Kronos implementation did it poorly.