UK Ministry of Justice secures HVAC systems 'protected' by passwordless Wi-Fi after Register tipoff

The Ministry of Justice has secured a set of Wi-Fi access points that potentially gave admin access to industrial control equipment after a tipoff by The Register. Four unsecured wireless networks named "Boiler Pump 1" to "Boiler Pump 4" were freely accessible in the Royal Courts of Justice (RCJ) until The Register told …

  1. Neil Barnes Silver badge
    Holmes

    where jurors have been told they can keep their hands, coats and gloves on

    Well, I guess the latter two are optional, but the first? I thought that sort of thing was more the province of the Taliban?

    Nearest thing to a legal icon --->

  2. Boris the Cockroach Silver badge
    Facepalm

    Bet I can take a guess

    Username :admin

    Password : 1234

    eeeeeeeeeee special branch at the door... they think I'm a l33t h4XX0r

    1. pavel.petrman

      Re: Bet I can take a guess

      I bet you are not far off. A few years ago a case made waves in Slovakia where an underage "hacker" broke into the main Internet-facing gateway/mail server of the country's national security bureau (abbr. NBUSR) with root password, no joke, "nbusr123". If I recall the fallout correctly the office proceeded to file a complaint with the police against the youth and assign one official to sit in front of a KVM screen all day, monitoring traffic, and to disconnect the RJ-45 connector at the end of their shift, rendering the Internet presence of the bureau to be accessible within official hours only. The authorities saw no problem in any of said steps.

  3. Clausewitz 4.0
    Devil

    HVAC system as an entrypoint

    Anyone remember this big raid? Yet, it can be as simple as admin / 1234

    If someone breaks out of a HIGHMAX pen by observing the door isn't locked in a certain 5min interval over a 24h timespan, it doesn't diminish the job.

  4. Anonymous Coward
    Anonymous Coward

    The MoJ building's Wifi password is also freely available

    Google have indexed PDFs created for meetings at the MoJ HQ which have the Wifi password. Which is shared across the entire internal building network. You can pick up a (weak) Wifi signal from the street outside.

    1. Clausewitz 4.0
      Devil

      Re: The MoJ building's Wifi password is also freely available

      Interesting...

  5. Dan 55 Silver badge

    Does the venue extend such luxuries as windows with panes of glass and ceilings without holes in them to jurors or is there still scope for further underfunding?

    Anyone would think the ruling party has an interest in running the judicial branch into the ground...

    1. sabroni Silver badge
      Facepalm

      re: the ruling party has an interest in running the judicial branch into the ground...

      You sound just like one of those pesky human rights lawyers.

      I bet you think the state should have to obey the law too!

  6. Anonymous South African Coward Silver badge

    CommitStrip

    Obligatory CommitStrip

    On another note, how long before FCD#3 will pop up?

    1. Doctor Syntax Silver badge

      Re: CommitStrip

      A while ago I discovered that PlusNet had secured their supplied router from their end (Administration accessible from the WAN! Secure? Really?), locking the LAN admin out from managing the DHCP server. I replaced it. The new one insists, straight out of the box or from a factory reset, that the user change the password before going on to set up the external connection, so at least somebody does it right.

      1. Yet Another Anonymous coward Silver badge

        Re: CommitStrip

        Bonus points if the "create a new passwd to continue" page is done by different group to the login page and used different JS to validate valid passwd

        Yes looking at your <$Bn network company> who sanitises username/passwd so they can't start with a $ but does allow that at the initial setup prompt

        1. Teejay

          Re: CommitStrip

          Similar problem with Wifi on Garmin Watches. Some characters within the specification are not allowed - forcing you to change the router password.

          1. Graham Cobb

            Re: CommitStrip

            That wasn't discovered by RevK was it?

        2. Anonymous Coward
          Anonymous Coward

          Re: CommitStrip

          Yup, had that with a (I think) banking password.

          Created a password. It then prompted for a username/password but wouldn't let me in with the newly created password as it didn't conform to their password standards... then to top it all, it wouldn't let me use 'lost/forgotten password' as I hadn't yet got to validate the username

          (and I obviously couldn't create a new ID as the credentials are already assigned)

      2. tip pc Silver badge

        Re: CommitStrip

        https://en.wikipedia.org/wiki/TR-069

        There is a whole protocol governing isp router admin via wan.

  7. BenDwire Silver badge
    Facepalm

    We are told the Wi-Fi access points have been disabled until further notice.

    If people were then wearing coats inside, then I suspect the entire heating system has been disabled instead! Maybe no-one on site has the ability to do anything more?

    I'm sure a 'consultant' will be along any time soon once s/he's had their pockets stuffed with wads of cash ...

    1. yetanotheraoc Silver badge

      Re: We are told the Wi-Fi access points have been disabled until further notice.

      Let me guess: They opened a support ticket about the cold, but support couldn't access the system via wifi to adjust the setting. So the first ticket remains open, and now there's a second ticket to restart the wifi.

      1. Korev Silver badge
        Coat

        Re: We are told the Wi-Fi access points have been disabled until further notice.

        Maybe they need to move nearer to the WiFi hotspot to keep warm

        Oddly appropriate icon -->

    2. General Purpose

      Re: We are told the Wi-Fi access points have been disabled until further notice.

      The coats were at the Inner London Crown Court, far away on the other side of the river. The mention of jurors is a giveaway, they're not usually found in the Royal Courts of Justice.

    3. Anonymous Coward
      Anonymous Coward

      Re: We are told the Wi-Fi access points have been disabled until further notice.

      "I'm sure a 'consultant' will be along any time soon once s/he's had their pockets stuffed with wads of cash ..."

      That makes sense as 'Paper' is a good insulator, which they will need with no heating !!!

      :)

  8. DS999 Silver badge

    This is the fault of whoever installed it

    Choose the low bid installer, get the low bid service.

    1. Tom Paine

      Re: This is the fault of whoever installed it

      Lowest bid? This is public sector procurement we’re talking about...

  9. Dwarf

    Why has nobody asked the obvious question of "Why does it need a WiFi presence in the first place ?"

    The physical security offered by a cable connection on something that shouldn't need any real ongoing configuration should be the default as this sort of kit will generally be in a physically secured location to start with.

    I bet the same sort of thing happens on Bluetooth connections for similar reasons.

    1. Richard 12 Silver badge

      It's useful during initial commissioning

      Walk the building to all the sensors and actuators to make sure they really are the one listed on the documentation, and correct the system "live" if not.

      But once that's done, turn it off, unplug it and take it off site.

    2. TeeCee Gold badge
      Facepalm

      But iz wurk wiv app on ur iPhone yes?

  10. Anonymous Coward
    Anonymous Coward

    Here I am freezing my 'nads off, huddled round a 'facilities management'-supplied fan heater, 'cos the building's heating has failed AGAIN! Alternatively I could drag myself out into the stairwell as the (pointless!) radiators there are the only ones that seem to be working

    Hacked WiFi... you're kidding me... if it's 'automated' it will be via a 300bps dial-up modem connected to a black box in the basement... more likely to be some clockwork set up to strike a match every morning

    1. John Brown (no body) Silver badge
    2. Anonymous Coward
      Anonymous Coward

      "you're kidding me... if it's 'automated' it will be via a 300bps dial-up modem connected to a black box in the basement"

      Which reminds me I must write to El Reg about a dial-up modem, the Royal Family and a visit to this poster from Special Branch in 1990!

    3. Anonymous South African Coward Silver badge
      Trollface

      Ahhhhh, Simon must be up to his old tricks again...

    4. 42656e4d203239 Silver badge
      Coat

      well actually....

      I used to control (many) boiler houses by just that method - a 300 Baud modem made by Case, a runtime environment apparently programmed in Pascal running on a HP computer (not a PC compatible - HPIB for the win!) and orange boxes in the remote boiler houses (those who know will know!).

      We were updating the boilerhouses to 1200 Baud modems at vast expense (£100ish each at the time; back then £100 was really something, not what you might piss up against the wall on a Friday night), but often the 300 Baud beast was the only thing that could tolerate the shocking lines BT generally provided; as far as I could tell it would happily connect over a piece of wet string.

      Those were the days...

      /me sobs into the morning tea remembering the good old days and mine's the one with white beard hairs down the front.

    5. Fr. Ted Crilly Silver badge

      Furniture store under the quad back steps, lovely and warm, you do know how to get down there do you? ;-)

  11. Anonymous Coward
    Anonymous Coward

    potentially forcing the closure of the building and delays to court cases

    which - if you've read anything by The Secret Barrister - you will find is the government's Modus operandi

  12. Anonymous Coward
    Anonymous Coward

    Default passwords

    That’s all well and good, but when will central government ministries and departments stop using ludicrously weak non-unique admin passwords on all their client systems? You’d think NCSC would have warned them...

  13. TimMaher Silver badge
    Facepalm

    SSID

    How visible are these WAPs?

    I had a logger installed recently, in the loft, as part of the solar panel system.

    The main installation is terrific but the electrician who installed the logger is not an IT type.

    The result was a massively insecure pile of amateurism that also flooded 2.4g on our router.

    This has since been corrected (by me), and a new WAP installed, upstairs, to ‘suck’ the traffic.

    Sometimes it is just lack of knowledge but.... at the RCJ?

  14. PRR Silver badge

    > The ancient right of every Briton to enter a courtroom and sit in the public gallery watching the proceedings ...

    This presumably extends to every Briton watching everything happening on the court WiFi.

    There's nothing new. Decades back they added key-card entry to my school buildings. The installers never asked for an IP but I found their gear squatting on "my" subnet. OK, but 69 seconds in Google had me the docs and the default password, and 13 seconds more to try and succeed to get all privilege on their security boxes. I didn't touch nothing (I swear!) but dropped a note to university net-ops cc:security woman.

    I still wonder how many OTHER jobs those installers walked away from (and cashed the payment for) while leaving them wide-open to any kiddie-hack in sight?
