ADVISORIES | July 1, 2013

ProSoft Technology RadioLinx ControlScape PRNG Vulnerability

The RadioLinx ControlScape application is used to configure and install radios in a FHSS radio network and to monitor their performance. ProSoft Technology states that default values built into the software work well for initial installation and testing. The software generates a random passphrase and sets the encryption level to 128-bit AES when it creates a new radio network.

This product uses the standard C runtime library calls “srand” and “rand” to seed and generate passphrases. Because it uses the local time as the seed, an attacker can predict the default values built into the software. This makes the system vulnerable to expedited brute-force passphrase/password attacks and other cryptographic-based attacks. Custom passphrases are not vulnerable to this type of attack. An attacker could compromise the device network and affect its data integrity, confidentiality, and availability.
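The pattern described above beside a hardened form, as an added example (not ProSoft's code and not part of the advisory). The alphabet, the 16-character length and all function names are assumptions, and the hardened version assumes a POSIX system with `/dev/urandom`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define PASS_LEN 16  /* assumed length; the advisory gives no format */
static const char ALPHABET[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
#define ALPHA_N ((unsigned)(sizeof ALPHABET - 1))  /* 62 symbols */

/* WEAK: output is a pure function of the seed (the creation time). */
void weak_passphrase(unsigned seed, char out[PASS_LEN + 1]) {
    srand(seed);
    for (int i = 0; i < PASS_LEN; i++)
        out[i] = ALPHABET[(unsigned)rand() % ALPHA_N];
    out[PASS_LEN] = '\0';
}

/* One-second clock seed: one possible default per second in the window. */
unsigned long weak_candidates(time_t earliest, time_t latest) {
    return (unsigned long)(latest - earliest) + 1;
}

/* HARDENED: bytes from the OS CSPRNG, with rejection sampling so that
   every symbol is equally likely. Returns 0 on success, -1 on failure. */
int strong_passphrase(char out[PASS_LEN + 1]) {
    const unsigned limit = 256 - (256 % ALPHA_N);  /* 248 */
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    for (int i = 0; i < PASS_LEN; ) {
        int c = fgetc(f);
        if (c == EOF) { fclose(f); return -1; }
        if ((unsigned)c < limit) out[i++] = ALPHABET[(unsigned)c % ALPHA_N];
    }
    out[PASS_LEN] = '\0';
    fclose(f);
    return 0;
}

int main(void) {
    char a[PASS_LEN + 1], b[PASS_LEN + 1], s[PASS_LEN + 1];
    unsigned seed = (unsigned)time(NULL);  /* local time as seed */
    weak_passphrase(seed, a);
    weak_passphrase(seed, b);
    printf("weak, same seed twice: %s / %s\n", a, b);
    printf("defaults possible in one day: %lu\n", weak_candidates(0, 86399));
    if (strong_passphrase(s) == 0) printf("CSPRNG: %s\n", s);
    return 0;
}
```

For a network created within a known day, the weak generator can yield at most 86,400 distinct defaults (about 16 bits), whatever the passphrase length or the AES key size.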
