Ensuring You’re Protected: Cisco Bug Affecting Millions of Devices has Huge Global Implications

Researchers at Red Balloon Security disclosed an attack that lets a remote attacker take over a Cisco ASR 1001-X router and compromise all the data and commands that flow through it.

To compromise the routers, researchers exploited two vulnerabilities:

  1. A command-injection bug in the web user interface of Cisco IOS XE, the operating system the ASR 1001-X runs, that lets an attacker with administrator credentials for the web UI execute commands on the device's underlying Linux shell as root.
  2. A second flaw, which the researchers named Thrangrycat, in the router's most fundamental security protection, the Trust Anchor module (TAm), which Cisco has built into almost all of its enterprise devices since 2013. The TAm's secure boot checks are implemented in an FPGA whose configuration is loaded from storage that a root user can modify, so once root access is obtained the checks can be altered or disabled. The flaw indicates that it may be possible to defeat the Trust Anchor on hundreds of millions of Cisco units globally, ranging from enterprise routers to network switches to firewalls.

With root access, the attacker can remotely bypass the Trust Anchor on a targeted device and install a backdoor that persists across reboots, because the mechanism that would normally detect the tampered firmware has itself been tampered with.
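The entry point for the first of the two bugs is the IOS XE web UI, so the most immediate check an operator can run is whether that interface is reachable at all, and from where. The following is an added example, not code from Cisco, Red Balloon Security or Cyphre: it audits a saved `show running-config` for the HTTP/HTTPS server lines and reports whether the web UI is disabled, restricted by an access class, or exposed. The function names and the three configuration excerpts are constructed for the demonstration.

```python
"""Audit a Cisco IOS XE running-config for exposure of the web UI.

Added illustration; not Cisco's, Red Balloon's or Cyphre's code.
The configs below are constructed samples, not captures from real devices.
"""
import re

# Constructed sample: web UI enabled on HTTP and HTTPS with no access restriction.
EXPOSED_CONFIG = """\
hostname edge-asr-1
!
ip http server
ip http secure-server
ip http authentication local
!
line vty 0 4
 transport input ssh
"""

# Constructed sample: web UI explicitly disabled on both transports.
HARDENED_CONFIG = """\
hostname edge-asr-1
!
no ip http server
no ip http secure-server
!
line vty 0 4
 transport input ssh
"""

# Constructed sample: web UI enabled but limited to a management subnet.
RESTRICTED_CONFIG = """\
hostname edge-asr-1
!
ip access-list standard MGMT-ONLY
 permit 10.0.0.0 0.0.0.255
!
ip http server
ip http secure-server
ip http access-class ipv4 MGMT-ONLY
!
"""

ACCESS_CLASS_RE = re.compile(r"^ip http access-class (?:ipv4 |ipv6 )?(\S+)$")


def audit_web_ui(config: str) -> dict:
    """Return what the config says about the HTTP/HTTPS management interface.

    risk is one of:
      "ok"         - web UI disabled on both transports
      "restricted" - web UI enabled but bound to an access class
      "exposed"    - web UI enabled with no access class
    """
    http = https = False
    access_class = None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ip http server":
            http = True
        elif line == "no ip http server":
            http = False
        elif line == "ip http secure-server":
            https = True
        elif line == "no ip http secure-server":
            https = False
        else:
            m = ACCESS_CLASS_RE.match(line)
            if m:
                access_class = m.group(1)
    if not (http or https):
        risk = "ok"
    elif access_class:
        risk = "restricted"
    else:
        risk = "exposed"
    return {"http": http, "https": https, "access_class": access_class, "risk": risk}


def remediation(finding: dict) -> list:
    """Config lines that would close the exposed web UI; empty if nothing to do."""
    lines = []
    if finding["risk"] == "exposed":
        if finding["http"]:
            lines.append("no ip http server")
        if finding["https"]:
            lines.append("no ip http secure-server")
    return lines


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CONFIG),
                      ("hardened", HARDENED_CONFIG),
                      ("restricted", RESTRICTED_CONFIG)):
        f = audit_web_ui(cfg)
        print(f"{name:10s} risk={f['risk']:10s} fix={remediation(f)}")
```

Disabling or restricting the web UI removes the entry point for the command-injection bug, but it does not fix Thrangrycat itself: any other route to root on the device still leads to the Trust Anchor bypass, so this check complements, rather than replaces, Cisco's fixes for both vulnerabilities.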

“By chaining the Thrangrycat and remote command injection vulnerabilities, an attacker can remotely and persistently bypass Cisco’s secure boot mechanism and lock out all future software updates to the TAm,” researchers said.

“Since the flaws reside within the hardware design, it is unlikely that any software security patch will fully resolve the fundamental security vulnerability.”

Chained together, these techniques give an attacker a persistent, hard-to-remove foothold on a device that sits in the path of all traffic on the networks it connects, from which the rest of those networks can be attacked.

CyphreLink is not vulnerable to the same exploit. Cisco's secure boot checks are implemented in an FPGA whose configuration can itself be altered, which is what allows the checks to be bypassed. Powered by BlackTIE technology, CyphreLink's secure boot and the chain of trust built on it are implemented entirely in silicon and cannot be altered. Additionally, Cyphre's hardware is configured in a non-reversible way that mandates the system always perform secure boot, a setting that cannot be changed physically or remotely. If you'd like to know more about CyphreLink and how it encrypts data in motion, download more information here.

Sources: Wired.com and The Hacker News