Airport Scanners Have Account Backdoors, Default Passwords
There has been quite a bit of coverage lately hacking into transport areas such as air, sea and road, well this latest one should come as no surprise in a world where things seem to be run using "default" passwords.
"Many of the machines deployed at airport security checkpoints have embedded accounts with default passwords that can be abused, Billy Rios, director of threat intelligence at Qualys, told attendees at the Black Hat conference on Wednesday. In this case, the concern is that attackers may be able to use the accounts as a backdoor to get access to the system.
The embedded accounts on the scanners weren't added as malicious backdoors. Manufacturers like to create embedded accounts with hardcoded passwords for maintenance and support purposes. While convenient, these accounts pose problems when administrators don't even know these accounts exist, and can't even change the passwords to something else."