Justin Clarke and ICS-CERT unveiled another vulnerability in RuggedCom devices yesterday. This time, Justin took a different tack with the device firmware and showed that all products use the same SSL private key, hard-coded in the firmware.
This is fairly typical in cheap consumer-grade embedded products, and has the unfortunate effect of making man-in-the-middle attacks against the products easy. For example, any compromised host on the switch management network can be used to spoof affected RuggedCom switches, meaning that the bad guy or gal could capture legitimate usernames and passwords for the switch.
It’s a simple and effective attack. Older versions of Microsoft’s Remote Desktop Protocol clients and Terminal Servers suffered from the same issue. It’s unfortunately difficult to get people to pay attention to this type of security issue (RDP MITM weaknesses, including a hard-coded key, took years for Microsoft to address).