Bob Stories

Bob leads, you follow. Bob chews, you swallow.

BCSD – Stuff that ought not be on t’interwebs

What does BCSD mean? It’s an acronym sometimes used for phallicly-challenged drivers of large automobiles but I’ve another meaning in mind; Badly Configured SCADA Device. There are plenty of them out there for sure. Now before I go on let me make it clear what I mean by SCADA. There’s a lot of FUD out there on this topic and far be it from me to pile onto that bandwagon. Take the acronym at face value; if your popcorn maker is computer controlled and records temperature, that’s a supervisory control and data acquisition system. Not that exciting sure, but probably something that ought not be on t’interwebs, right? Not every SCADA system runs a billion dollar assembly line or a fission reactor.

Bob recently sent me a tale of his research (nice try Bob, you’re just plain nosy and you know it) into one particular device, namely the Siemens Simatic range of HMI panels. These are Windows CE based touchscreen human-machine interface display devices and are linked to a wide variety of automated systems. So what contributes to these being a BCSD? First of all, they provide unauthenticated telnet access. When I pressed him on this Bob didn’t know if they come out of the box like this, but the mere fact that you can run telnet with no login does not bode well. You might think that security was not at the forefront of the developer’s mind when this was built.

You can also manage these critters using HTTP. Most of the functionality, save the file browser, is available without having to authenticate. But that’s cool, you can always telnet in if you want to see what’s stored on the device. Oh and there’s also VNC. Siemens have included a nice little Java VNC client in the web server. Now before you get too excited, it does prompt for a password. Just a password. Not a username and password. Just a password. Oh and the default password is 100. Nice.

So here’s where the fun begins. Bob sent some of the choice BCSD screen shots of stuff that ought not be on t’interwebs.

So what is this exactly? We see something that looks like flames, a temperature gauge and some strange values in drop down boxes. What’s your guess as to its purpose? This is the control panel for a crematorium. Wow, what the hell is this doing on the Internet? That’s just plain creepy, thanks Bob. Is Obese the default setting on this thing? *shudder*

What about this one? It’s the control panel from a funicular railway. How quaint, sounds like the sort of thing you ride when you’re on holiday. A slightly less creepy voyeurism tool than the previous one for the trainspotters out there, or a fun-sized Scalextric set for grown-ups? You decide.

And this one? File this under WTF, meaning I haven’t a clue what it’s supposed to be. Bob pointed out that this one allowed user interaction with the screen. I did mention earlier that these are touchscreen devices, right? So now you can reach out and touch… whatever the hell this is. The word “Fermentor” makes me think this is a brewery or a sewage treatment plant.

What’s the moral of this Bob story? Take a product with a poor security architecture, hook it up to control whatever and then plonk it on the Internet. What could possibly go wrong?


Categorised as: Stories
