General Electric industrial Ethernet switches revealed to have hard-coded SSL key – and other vulnerabilities
Wed 14 Jan 2015
A range of industrial-level Ethernet switches in use at industrial facilities, transportation environments, waste-management plants and substations has been found to have a hard-coded SSL key that can be retrieved from the firmware.
U.S. company GE’s Multilink ML800 series of managed switches contains the vulnerability, one of three identified by researcher Eireann Leverett, who passed his research on to the Department of Homeland Security in early January. Two other vulnerabilities have been identified, though the third has not yet been disclosed.
The key attack vector for the series is the availability, in the routers’ firmware, of the RSA private key used to decrypt SSL traffic. GE have issued instructions on upgrading the router firmware, recommending that the modifications be made in a non-networked environment over a serial key, to prevent interception, and providing details on generating a new SSH key via CLI, overwriting the hard-coded key.
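A fleet audit for the condition described above, as an added example that is not GE's or ICS-CERT's code: because a hard-coded key ships identically in every unit, devices that still present the same certificate have not had their key regenerated. It assumes the factory certificate ships alongside the key, so a certificate fingerprint is a usable proxy; the hostnames and certificate bytes are constructed placeholders.

```python
import hashlib
import ssl
from collections import defaultdict


def fetch_der(host, port=443, timeout=5.0):
    """Fetch the certificate a device presents, as DER bytes (Python 3.10+).

    No chain validation is done; only the presented bytes are wanted.
    """
    pem = ssl.get_server_certificate((host, port), timeout=timeout)
    return ssl.PEM_cert_to_DER_cert(pem)


def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate, as hex."""
    return hashlib.sha256(der).hexdigest()


def audit(inventory, factory_fp=None):
    """inventory maps host -> DER certificate bytes.

    Returns (shared, factory): `shared` maps every fingerprint presented by
    more than one host to the sorted hosts using it; `factory` lists hosts
    whose certificate still matches the known factory fingerprint.
    """
    by_fp = defaultdict(list)
    for host, der in inventory.items():
        by_fp[fingerprint(der)].append(host)
    shared = {fp: sorted(h) for fp, h in by_fp.items() if len(h) > 1}
    factory = sorted(by_fp.get(factory_fp, [])) if factory_fp else []
    return shared, factory


# Constructed sample data: placeholder byte strings stand in for real DER
# certificates (in practice, collected with fetch_der); hostnames are
# hypothetical.
FACTORY_CERT = b"constructed-placeholder-factory-certificate"
SAMPLE = {
    "sw-substation-01": FACTORY_CERT,
    "sw-substation-02": FACTORY_CERT,
    "sw-plant-07": b"constructed-placeholder-regenerated-certificate",
}

if __name__ == "__main__":
    shared, factory = audit(SAMPLE, fingerprint(FACTORY_CERT))
    for fp, hosts in shared.items():
        print(f"shared certificate {fp[:16]}...: {', '.join(hosts)}")
    print("still on factory certificate:", factory)
```

A certificate re-issued over the same hard-coded key would pass this check, so a stricter audit compares public-key fingerprints rather than whole-certificate fingerprints.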
NCCIC/ICS-CERT have recommended that organisations evaluate the potential danger based on their own operational environment.
The latest firmware available is Version 4.2.1 for the ML800, ML1200, ML1600 and ML2400, whilst version 5.2 is the correct update for models ML810, ML3000 and ML3100.
The second vulnerability disclosed is that one of the hardware’s web interfaces is susceptible to a Denial of Service (DoS) attack, which could potentially exhaust the router’s resources and force a reboot – necessary after any intruder’s modifications to the default firmware.
After a year of increasing local and global paranoia about attacks on infrastructure, for which the attack on Sony has been read by many as a ‘dry run’, the inclusion of hard-coded authorisation information in equipment intended for critical infrastructure is more than baffling. One listing for the ML800 chillingly boasts that the model has ‘Available options for use in Harsh Chemical Environment’.
Founded in 1892 by – among others – Thomas Edison, General Electric operates out of Fairfield, Connecticut, and has been subject to considerable negative publicity in recent weeks in the wake of falling oil prices – 15 per cent of the company’s revenue is now accounted for by its recent moves into the oil and gas markets. GE’s share price fell to a 52-week low on Tuesday, bottoming out at $23.64 with 25,907,582 shares in transit.