Did You Realize Your UPS Can Be A Network Vulnerability?

Someone on the (empty just now) chat had commented on Liebert UPS' for cameras. Liebert, as of 2014, still shipped Telnet enabled on their control units. And they use BACNET. English translation: they're not secure, they could be potentially attacked through the network.

FYI UPS can kill you. Under certain conditions you can fake a UPS power-loss notice to your VMS or your Disk array and tell it to shut down. Also, it's another embedded box built by a vendor likely not thinking about network security who added a cheesy circuit board with an ethernet interface so those darn datacenter customers would think it's monitorable. And there's the story (from LAST CENTURY - 1999) where the network auditor "broke in" to a data center by using telnet to access the HVAC unit for the NOC and raising the temperature until they drove the operators out of the building.

I'm also reminded of this by the Minuteman UPS advert I just received for a product called "Entrust". You can tell their engineering team has never seen a digital certificate when they use a CA name for a product name. Yes, it relates, because all your network gear should have "non-person entity" cerficates so the UPS engineers most definitely need to be taught how to spell complex words like TLS and SNMP.


Anything with MAC address can be a network vulnerability.

I like the scenario of using the UPS as a denial of service attack vector against the VMS. Nice.

Generally, with so many embedded systems being deployed (with a MAC address) it's more and more challenging to corral the possible attack scenarios. Made all the more difficult by how opaque these systems can be to the customer and even the end-user/vendor. If all your systems are Windows you might sleep better knowing they're all patched to-date and running the appropriate safeguards. But when you don't know what's running on some exotic device.. Caveat emptor.

If all your systems are Windows you might sleep better knowing they're all patched to-date and running the appropriate safeguards.

When did Windows systems become the paragon of invulnerability?

And there's the story (from LAST CENTURY - 1999) where the network auditor "broke in" to a data center by using telnet to access the HVAC unit for the NOC and raising the temperature until they drove the operators out of the building.

Hey, I think I saw that in Mr. Robot!