HP Keeps Installing Secret Backdoors in Enterprise Storage

Back DoorWho needs the encouragement of the government when the companies are doing it without even being asked?

For the second time in a month, Hewlett-Packard has been forced to admit it built secret backdoors into its enterprise storage products.

The admission, in a security bulletin posted July 9, confirms reports from the blogger Technion, who flagged the security issue in HP’s StoreOnce systems in June, before finding more backdoors in other HP storage and SAN products.

The most recent statement from HP, following another warning from Technion, admitted that “all HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer.”

While HP describes the backdoors as being usable only with permission of the customer, that restriction is part of HP’s own customer-service rules—not a limitation built in to limit use of backdoors. The entry points consist of a hidden administrator account with root access to StoreVirtual systems and software, and a separate copy of the LeftHand OS, the software that runs HP’s StoreVirtual and HP P4000 products.

Read the full article on /.

Leave a Reply

Your email address will not be published. Required fields are marked *