Advantech - Another case of SSH hard-coded blunders

In light of recent news that industrial systems are becoming the focus of attack from cybercriminals, it is disturbing to find that products aimed at integrating industrial machinery with the internet are seriously flawed.

The recent incident involving the Taiwanese firm Advantech concerns the release to market of an Internet-connected industrial device, a serial-to-IP converter, which was remotely accessible to anyone without even a password. The oversight was down to a coding error in the firmware by the gateway manufacturer.

Advantech has since patched the firmware in some of its serial-to-IP gateway devices to remove a hard-coded SSH (Secure Shell) key that would have allowed unauthorised access by remote attackers. Hard-coded keys like this seem to be becoming a recurring theme with unauthorised code.

Unfortunately, that embarrassment seems to be the least of Advantech's worries, as further investigation revealed that its problems went far deeper. Researchers from security firm Rapid7 discovered that any password would have gained remote access to the vulnerable Advantech serial-IP gateway, which is used to connect serial and Ethernet devices to a cellular network.

The vulnerability, though, exists only in the revised firmware version 1.98, which was released for the Advantech EKI-1322 Internet protocol (IP) gateway.

Advantech's firmware contains an open-source SSH server called Dropbear. However, it has been so heavily customised that it no longer enforces strict authentication; in fact, it performs no authentication at all and permits remote access to anyone using any public key and password.
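
One way an operator can spot a hard-coded key of the kind described above, shown as an added example that is not from the original article, Advantech or Rapid7: a key baked into a firmware image is identical on every device running that image, so the same fingerprint shows up on several hosts. The code assumes the hard-coded key is the SSH host key and that scan results use the "host keytype base64" layout produced by ssh-keyscan; every host and key below is constructed sample data.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def make_rsa_blob(seed: bytes) -> str:
    """Constructed ssh-rsa public key blob (well-formed, not a real key)."""
    modulus = b"\x00\xff" + hashlib.sha256(seed).digest() * 8
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return base64.b64encode(blob).decode()


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_output: str) -> dict:
    """Map fingerprint -> sorted hosts for every key seen on more than one host."""
    hosts_by_fp = defaultdict(set)
    for line in scan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # skip comments, blank lines and truncated records
        host, _keytype, key_b64 = parts[:3]
        try:
            hosts_by_fp[fingerprint(key_b64)].add(host)
        except ValueError:
            continue  # undecodable key material
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}


# Constructed sample: two gateways share one firmware key, one device is unique.
FIRMWARE_KEY = make_rsa_blob(b"constructed-firmware-key")
SAMPLE_SCAN = "\n".join([
    "# constructed sample in ssh-keyscan output format",
    f"192.0.2.10 ssh-rsa {FIRMWARE_KEY}",
    f"192.0.2.11 ssh-rsa {FIRMWARE_KEY}",
    f"192.0.2.20 ssh-rsa {make_rsa_blob(b'unique-device-key')}",
    "192.0.2.30 ssh-rsa",
])

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{fp} shared by {', '.join(hosts)}")
```

Any fingerprint reported here means those devices can be impersonated by anyone who extracts the key from the firmware, so they need a firmware update and regenerated keys.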

Photo credit: jijomathaidesigners / Shutterstock