Categories

Editor's Choice
Multimedia, Videos
AI & ML
Analogue, Mixed Signal, LSI
Circuit & System Protection
Computer/Embedded Technology
Design Automation
DSP, Micros & Memory
Edge Computing & IIoT
Electronics Technology
Enclosures, Racks, Cabinets & Panel Products
Events
Interconnection
Manufacturing / Production Technology, Hardware & Services
News
Opto-Electronics
Passive Components
Power Electronics / Power Management
Programmable Logic
Smart Home Automation
Switches, Relays & Keypads
Telecoms, Datacoms, Wireless, IoT
Test & Measurement





News



Print this page printer friendly version

Airlink Connection Manager security advisor

26 July 2023 News

Sierra Wireless recently received reports of malicious actors attempting to compromise Airlink Connection Manager (ACM) instances that are deployed insecurely with exposed SSH and using the default administrative credentials. Sierra Wireless security guidance for the configuration of ACM instances strongly recommends changing the administrative credentials prior to operational deployment, and limiting the exposure of SSH to secure management networks only.

As the frequency of compromise or compromise attempts appears to be increasing, Sierra Wireless strongly recommends that all customers review their ACM configuration and logs.

All versions of ACM may be vulnerable if they are deployed with SSH accessible from an insecure network such as the public Internet, and are using insecure credentials, including default, weak, or publicly known credentials. If an attacker can connect to an ACM instance and authenticate, they will gain full administrative control of the instance, allowing them to modify the configuration or access any secrets stored on the device.

Sierra Wireless recommends the following actions to secure your ACM instances:

• Ensure the administrative password, along with all other passwords, are changed from the defaults. All passwords should comply with accepted recommendations for strong passwords, such as those provided by Microsoft.

• Set external firewall rules to prevent access to SSH from insecure or untrusted networks such as the public Internet, preventing untrusted connections.

• Monitor ACM and firewall logs for unauthorised access attempts from unknown sources, and implement appropriate rules to block such attempts.




Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

From the Editor's desk: Growth through inclusivity
Technews Publishing News
As the engineering fields in South Africa continue to make progress toward gender equality, we are finally starting to see the presence and contribution of women in engineering and industrial roles.

Read more...
KITE 2025 proves its value
News
The KwaZulu-Natal Industrial Technology Exhibition (KITE) 2025 confirmed its place as KwaZulu-Natal’s must-attend industrial event, drawing thousands of industry professionals.

Read more...
Otto Wireless Solutions announces promotion of Miyelani Kubayi to technical director
Otto Wireless Solutions News
Otto Wireless Solutions is proud to announce the promotion of Miyelani Kubayi to the position of technical director, effective 1 August 2025.

Read more...
DMASS experiences continued slowdown
News
The European electronic components distribution market continued its downward trajectory in the second quarter of 2025, according to new figures released by DMASS.

Read more...
World-first zero second grid-to-backup power switch
News
JSE-listed cable manufacturer, South Ocean Electric Wire, has completed a solar installation it says marks a global first: a seamless switch from grid to backup power in zero seconds.

Read more...

News
OMC deploys cobots to improve throughput 10x, while maintaining quality and ensuring consistency of fibre optic production.

Read more...
Cobots for opto production line
News
OMC deploys cobots to improve throughput 10x, while maintaining quality and ensuring consistency of fibre optic production.

Read more...
SACEEC celebrates standout industrial innovation on the KITE 2025 show floor
News
Exhibitor innovation took the spotlight at the KITE 2025 as the South African Capital Equipment Export Council announced the winners of its prestigious New Product & Innovation Awards.

Read more...
SA team for International Olympiad in Informatics
News
The Institute of Information Technology Professionals South Africa has named the team that will represent South Africa at this year’s International Olympiad in Informatics.

Read more...
Anritsu and Bluetest to support OTA measurement
News
Anritsu Company and Sweden-based Bluetest AB have jointly developed an Over-The-Air measurement solution to evaluate the performance of 5G IoT devices compliant with the RedCap specification.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Publications by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  Hi-Tech Security Solutions
»  Hi-Tech Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd | All Rights Reserved