back to article Industrial Wi-Fi kit has hard-coded credentials

The travelling side-show of industrial control kit insecurity continues, with an outfit called Red Lion being called out for hard-coded credentials on a wireless access point. ICS-CERT has issued an advisory noting that the company's N-Tron 702.-W industrial wireless access point has hard-coded private keys for SSH and HTTPS …

  1. enerider

    Mandatory step missed in the final line

    "Or, perhaps, unplugged, replaced, and dropped in the skip."

    Between "unplugged" and "replaced" needs an "accidentally set on fire". </BOFH>

    1. phuzz Silver badge

      Re: Mandatory step missed in the final line

      I think after it's been "accidentally" set on fire, it should end up in the bin of the person who bought them in the first place...

      1. enerider

        Re: Mandatory step missed in the final line

        A great plan! Although I'd prefer the more BOFHly method where after the items are accidentally set on fire and put in the bin, the person responsible for buying them also accidentally goes on fire and goes into the bin...

  2. Trevor_Pott Gold badge

    Class Action Lawsuit

    Can you hear the lawyers stampeding?

    1. Robert Helpmann??

      Re: Class Action Lawsuit

      Can you hear the lawyers stampeding?

      Don't be silly! They can't stampede because their natural form of locomotion is swimming, but you should be able to spot the fins heading toward the scent of blood.

      1. Destroy All Monsters Silver badge

        Re: Class Action Lawsuit

        Ayee! They are heading in the direction of the customer for "unlawful obtention of trade secrets and reverse-engineering of copyrighted security code contrary to section ARSE paragraph SHIT of the DMCA".

        1. Anonymous Coward
          Anonymous Coward

          Re: Class Action Lawsuit

          Hurr, hurr. He just said DMCA! Hurr, hurr.

  3. Mark 85

    How about this...

    Instead of the trash/bin/skip... send them back to the manufacturer. If they get enough coming back, it might be a wake-up call. I'd suggest bypassing their mail room and shipping them to the CEO's home address if that's available.

    1. gollux

      Re: How about this...

      It should be legal to deliver them via airdrop by the ton packing crate. A few salvos through the R&D headquarters should suffice.

    2. Christian Berger

      Unfortunately not

      a) If you do that, your industrial system... costing thousands per second... will stand still for hours.

      b) They will just send it back as it's not broken as per specification.

      1. Bob Wheeler

        Re: Unfortunately not

        "b) They will just send it back as it's not broken as per specification"

        However if they have used the word SECURE, at least once in their advertising or the specification, then......

    3. WonkoTheSane

      Re: How about this...

      1: Duct tape to housebrick

      2: Deliver via window.

      1. Eddy Ito

        Re: How about this...

        If they eat their own dog food perhaps someone could find a way in and issue an RMA to every customer. Free shipping included of course.

  4. Christian Berger

    It's a difficult crowd

    I have considered working at a company doing a lot of industrial control... however I decided against it.

    The problem is that the people working there are still stuck in their 1990s mindsets and technologies. Even if they wanted to change, they can't because they are stuck with brain dead 1990s technologies like OPC (OLE for Process Control).

    Those people haven't learned about Unix so they think OOP is the only way to go. They even actively work on things like "SCADA in the Cloud".

    Such a work environment probably is completely unbearable to anybody with the slightest knowledge about security. That's why those people aren't found there.

    1. Destroy All Monsters Silver badge

      Re: It's a difficult crowd

      OLE for Process Control


    2. tony2heads

      Re: It's a difficult crowd

      I though that "SCADA in the Cloud" was a joke until I read the link. Who would let a serious industrial control system be run from the cloud. I am beginning to think they were using Die Hard 4.0 (Live Free or Die Hard) as a template.

      seriously - WTF??

      1. itzman

        Re: It's a difficult crowd

        plenty of peoiple might if they had set up secure tunnels etc.

        Its total cobblers to talk about this or that piece of kit in itself being insecure, when what is required is overall security of whole networks.

        I remember asking a security consultant 'what is the weakest link in their Internetwork security' and being answered 'the dial up modems to their windows PCS the staff plug into their DDI numbers in order to be able to work from home'

        Because the corporate firewall denied them internet access...

      2. Roland6 Silver badge

        Re: It's a difficult crowd

        " Who would let a serious industrial control system be run from the cloud."

        Well we shouldn't forget that this is exactly how many of the driver-less car systems are being envisioned...

        The issue with "the cloud" isn't so much the "seriousness" of the application, but the criticality of time and failure modes. So for example a river management system probably doesn't need millisecond interactive control responses and if communications did fail what would the consequences be if nothing happened until a person could be got on site. This naturally is different to say a pump storage/hydro-electric power station where you do want things to happen in seconds and hence you will have both control systems and people permanently on site - but then even these are effectively managed from "the cloud" given they only do stuff in response to a call from some operation's centre at the other end of a comm's cable...

  5. Griffo

    The other question is - how much of their other gear has similar or the same vulnerabilities?

    1. Richard 26

      "The other question is - how much of their other gear has similar or the same vulnerabilities?"

      ...and how hardened are the fish in this other barrel?

  6. itzman

    The only options...?

    ...are to make sure the APs aren't accessible from the Internet, and are isolated from the business network.


    That's what vpn's and firewalls are for. To wrap insecure connections in secure ones. To create trusted networks across insecure networks.

    1. Roland6 Silver badge

      Re: The only options...?

      Reading between the lines, I would presume the vulnerability is in the AP's management interface, as I don't see where else the AP would need to be aware of SSH and HTTPS sessions. (The document does not go into any detail as to how the AP supports WPA2-Enterprise mode of operation and hence whether the vulnerability has any impact on WiFi security.)

      From memory, Cisco AP's also contain hard-coded manufacturer's credentials, but I don't remember whether the certificate was unique to each AP or not, but you could load . Looking at the N-Tron user manual, the capabilities of these devices look very similar to the typical domestic xDSL/wifi/LAN router (rather than a Cisco enterprise AP) hence I wonder whether a similar issue is lurking in equipment from Netgear, D-Link, Draytek etc...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like