Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: potential security issues with embedded systems?

From: Randy Marchany <marchany () VT EDU>
Date: Thu, 11 Dec 2003 20:56:17 -0500
We've had equipment show up that is based on NT4.0SP3...not a good thing. It's
not just Windows. Some vendors sell equipment that uses r-commands for
authentication, TFTP to download firmware...you get the idea.

I know of MRI units that have controllers running older OS that haven't been
patched with the current patch list. Environmental controller for buildings
(heat, lights, a/c) based on r-hosts authentication (Hey, the vendor
recommends you put the systems behind a firewall).


Embedded controllers are a serious risk to the infrastructure because at best,
they just blast packets on the net (point your browser to a networked laser
printer) and at worst can cause damage.


        Randy Marchany
        VA Tech IT Security Lab
        Blacksburg, VA
        http://security.vt.edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: