Security Resources

Internet Scans Turn Up More Unsecured Hardware

warning

Vulnerable terminal servers reflect bigger security problem

April 26, 2013 — CSO — Security weaknesses uncovered in terminal servers used to provide an Internet connection to a wide variety of business and industrial equipment exemplify the risk inherent in adapting older systems to modern technology, experts say.

A recent study by the security firm Rapid7 found more than 114,000 terminal servers, mostly from Digi International or Lantronix, configured to let anyone gain access to the underlying systems. A terminals server, also called a network access server, makes any equipment with a serial port accessible through the Internet.

The systems found vulnerable to tampering included industrial control equipment, traffic signal monitors, fuel pumps, retail point-of-sale terminals and building automation equipment. A hacker scanning the Internet for the serial ports on these devices could easily use a command line program to gain administrative privileges and control the equipment.