Robotron announced today that an independent cyber researcher had reported that there was a hard-coded backdoor that allowed remote command execution in their SD-1768 marine controller. According to Erich Mielke, spokesperson for Robotron, users are urged to immediately update their devices to the latest version.
A post by the Free Ukraine Cyber Kollective claims that a member of their organization found the vulnerability in the SD-1768. It reports that an update pushed to the devices in January added the backdoor access. They note that the Schiffsdiesel Division of Robotron, based out of Kaliningrad, Russia, was responsible for that update.
Grigory Spiridov, a spokesperson for the Schiffsdiesel Division, denies that there was any problem with the SD-1768 software. “We have not been able to verify the slanderous claims of the Ukrainian cybercriminals,” Spiridov told reporters at the Division Headquarters. When asked about report from Robotron headquarters about the vulnerability, Spiridov said: “This is part of the unacceptable attacks on Russian corporate interest engineered by the United States.”
Mielke told reporters that Robotron had ordered the Schiffsdiesel Division shut down as part of the EU’s sanctions against the Russian government. “The Division management, mostly Russian nationals left over from the acquisition of Chichagov Morskoy in 2015, have disregarded our shutdown orders and are currently cooperating with the Russian government.” There are unconfirmed reports that Erich Raeder, the Schiffsdiesel President and a German national, was arrested by the Russian government. Mielke refused to comment on the rumors.
Marina, a spokesperson for the Kollective, reported that they discovered the backdoor while a member was investigating an unusual failure of an SD-1768 in a Ukrainian Navy patrol boat operating in Odessa. “We were able to confirm that this was not a one-off problem when we used the backdoor to disable a Russian freighter hauling Ukrainian wheat to Syria,” Marina explained to me by telephone.
No comments:
Post a Comment