14

Customer requested the implementation of a "Master PIN" Code for accessing their appliances, to be used by field technicians when the users forgot their PIN.
Actually they could also read or reset it via USB using the config utility, but then again it's much more convenient not having to carry a laptop all the time...

Our only contact person at that company - the guy we got all the requirements from, let's call him Mr. L - wouldn't talk only positive about the company and managers, but we never worried as the project was making good progress.

In the final phase of the project, Mr. L was often hard to reach, always seemed to be busy even when we just needed a prototype approved to start production.
He always claimed to be waiting for approval from his supervisors and engineers, still discussing minor things with them.

When he left the company about three months later, it turned out he was pretty much the only person knowing about the details of the project, and his successor would start asking us very basic questions about the appliance,
wondering why we had implemented certain things the way they were.
(Well, how about we implemented everything just as requested by a former co-worker of yours?!)

Somewhere in the preliminary specs previously exchanged with Mr. L, there is even a hint of a "Master PIN", but the value is never specified anywhere on paper.

Today, we are not sure if anyone except for him even knew about it.
Maybe we should ask them whether they are now selling a product that has a 4-digit backdoor PIN nobody at the company is aware of?

Obviously, it is the birth year of Mr. L.

Comments
  • 2
    Perhaps ask them if they’re in the mood for a product recall.
  • 1
    I hate this kind of masterpin! At least come up with some algorithm (some simple bit shifting, whatever using the serial number, and give the technicians an app where they can enter the serial nr and get the device pin, thatway they are not all the same...)
Add Comment