Unbelievable but true! Backdoor in HP’s Backup solution

Not only that we users have to live with poor quality soft- and hardware that makes it easy for hackers to break into our systems. On top of that, soft- and hardware vendors implement their own backdoors to our systems.

It’s hard to believe but often true. Just recently a backdoor in HP’s storage system StoreOnce was revealed. It will probably remain HP’s secret why they spent resources in implementing such backdoors rather than increasing usability and security.

Maybe it was kind of preemptive obedience for those guys from NSA or GCHQ or just a brain fart of the head of HPs development department, who knows. Definitely it was not to the advantage of us users. If you ask HP to recover a lost admin password, they claim there is no way for doing so and just suggests a re-install. HP seems to be resistant to learning as they can look back to a long history of revealed backdoors in their systems.

So what can we do? Again, don’t trust the evil. Take into account that such backdoors exist. Think twice what kind of data you like to store (or I should better say share) on your systems.
Even if there is an update, backdoors may still exist. For HP StoreOnce storage system there even is no update available more than one month after the backdoor was exposed.

If you own a StoreOnce system, try to use the SSH client included in my app and connect to the IP of your StoreOnce system. The backdoor credentials are:

Username: HPSupport
Password: badg3r5

Yes, the password is ‘ badg3r5’. Unbelievable, isn’t it?