Layer Eight: Who benefits from backdoor access?
I wrote to Alexander Machowetz at Siemens asking about the reason that RuggedCom – or anyone else for that matter – would deliberately include lines of code within an industrial operating system to enable bypass of the standard security measures fitted to the device. I should add that the Canadian company was recently purchased by the German colossus. Alexander´s response to me as follows:
"The purpose of this code was to offer a support mechanism for customers to allow the reset of the customer password in the event it was misplaced. Many of these devices are remotely located. In the event that the customer misplaced their password, RuggedCom technical support could assist the customer to remotely regain administrative access without having to go to the site location or reboot the system..."
Well I guess that´s one reason. Let´s hope that someone at RuggedCom technical support carries out a check on exactly who is doing the asking, and at the same time gives them a shakedown for dubious liquids and sharp objects!