LAS VEGAS. At a press conference at the Black Hat USA event here, security researchers Colin Cassidy, Robert Lee and Eireann Leverett discussed secuirty vulnerabilities found inside of industrial networking gear.
Leverett and Cassidy are security consultants for IOActive, while Lee is a co-founder of Dragos Security. While doing some basic research, the trio were able to find multiple classes of common vulnerabilities across industrial switching gear from Opengear and other vendors. The vulnerabilities include weak authentication and cross-site scripting type flaws.
While there are patches for some of the flaws, Cassidy emphasized that it’s really mostly about secure configuration by default. That is, many of the switches were not shipped by the vendor with secure settings on.
Watch the full video below:
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist.