1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Air traffic control data found on eBayed network gear

Discussion in 'News' started by GiddyG, Oct 1, 2011.

  1. GiddyG

    GiddyG Terabyte Poster Gold Member


    Air Traffic control data found on eBayed network gear

    A switch with networking configurations and passwords for the UK traffic control centre was offered for sale on eBay, raising serious security concerns.

    The £20 Cisco Catalyst switch was bought by security consultant Michael Kemp, co-founder at Xiphos Research Labs, who quickly discovered that it has been used at the National Air Traffic Services (NATS) centre in Prestwick by contractor Serco. Data on the switch included supervisor credentials, internal VLAN and other networking configurations and upstream switch addresses as well as domains, gateways and syslogs.

    "For twenty quid, I have got full switching details (and creds) for a switch that was in use (managed by Serco) two years ago to help keep planes in the air at Prestwick," Kemp explained. "Obviously this is a security fail, especially as the seller had 13 of the units that may well have come from the same estate."

    A screenshot from of the configuration screen of the kit bought by Kemp, with Serco branding clearly visible, can be found here.

    Full Story here


    1. Boffy
      Interesting story and slightly concerning.

      But...could he have really of done much with the details he had? I've no knowledge of networking so how much can you tamper/alter with the information that goes through it?

    Share This Page