Eregion Hardware Security Alert

If you have any equipment from Eregion, made by Celebrimbor, I strongly recommend you replace it as soon as possible. There are a number of known exploits noted on several of their flagship platforms, allowing them to be easily compromised.

Most importantly, if you have a Ring of Power from Eregion, dispose of it immediately. We know of full compromises on the Dwarf-king and Human-king models, but have not seen full compromises on the Elf-lord models. The Ring of Power exploit involves a backdoor admin account that allows full control of the device and anyone wearing it. Although no organization or individual has publicly claimed responsibility for the action described, forensics indicates a pattern consistent with Sauron, servant of Morgoth. The Dwarf-king models will basically allow Sauron to access the financial resources of the owner and operator of that kind of Ring of Power. The Human-king models create a sort of botnet, using the Human-king Ring of Power owners as the central server to send out instructions to large groups of men, wargs, orcs, goblins, trolls, and oliphaunts.

While the Elf-lord models are not totally compromised, users have noted suspicious activity in association with their usage, and that activity has been confirmed to be linked to Sauron. Use the Elf-lord models advisedly.

The exploit appears to stem from Celebrimbor’s employment of a certain employee, Annatar, in the manufacture of these lines. Due to lax screening procedures and security clearances, Annatar was able to gain access to the production process of the Dwarf-king and Human-king lines, where he introduced code for his admin backdoor. Later events showed that Annatar was none other than Sauron himself in disguise. We have confirmed that Annatar/Sauron did not have access to the production of the Elf-lord models, but was in the area at the time of their manufacture.

The second major alert deals with the “Door” line of secure gateway products made at Eregion. While Sauron was not involved in their making, it is clear that the lax attitude toward security at Eregion that allowed Sauron access to the Rings of Power line was also in evidence during construction of their Door line.

Specifically, the Door products have the administrative access password written on the exterior of the product, in plain view. This is a grave breach of security, and should be taken seriously.

We have also received reports of a line of traffic flow monitors called “The Watcher” generating false positives in conjunction with Eregion Door products. While Eregion did not manufacture Watcher systems, we do know of instances in which persons reported a Watcher shutting down a Door secure gateway after the same persons provided the password to gain access. It is also clear from the Watcher activity that it was set to delete traffic inbound or outbound from that interface. For this reason and the one given immediately above, R’lyeh Consulting, LLP, strongly advises replacing any and all Eregion Door secure gateway products.

R’lyeh Consulting, LLP, is able to provide aeons untold of experience and expertise in assisting you in securing what is most valuable in your enterprise systems. If you have Eregion products in your enterprise and need replacement systems, we can help.
