WIRED reported yesterday that a security bug in a Cisco router has massive global implications. According to the article, to compromise the routers, researchers from the security firm Red Balloon exploited two vulnerabilities. The first is a bug in Cisco’s IOS operating system—not to be confused with Apple’s iOS—which would allow a hacker to remotely obtain root access to the devices…The second vulnerability, though, is much more sinister. Once the researchers gain root access, they can bypass the router’s most fundamental security protection. Known as the Trust Anchor, this Cisco security feature has been implemented in almost all of the company’s enterprise devices since 2013…In practice, this means an attacker could use these techniques to fully compromise the networks these devices are on. Given Cisco’s ubiquity, the potential fallout would be enormous.
Expert Comments
Sam Curry, Chief Security Officer at Cybereason:
“Make no mistake, the vulnerabilities have the potential to disrupt global internet traffic and the recent disclosures of Cisco 1001-X router bugs have short and long term ramifications. The second vulnerability is analogous to a bank leaving their vault doors open with all the security guards on lunch break creating a free-for-all. That’s not trivial. Anything that potentially can affect the large routers that move mega-traffic amongst the online retailers, banks, global stock exchanges, social media companies, the largest enterprises and the governments in the world is the ideal target for attackers.
Cisco has created a gold rush opportunity for hackers to find new ways to compromise their IOS. And why not? If hackers are successful developing these attacks, the riches are right there for the taking. This calls for new countermeasures and monitoring and establishing more defence-in-depth if an outright architectural fix isn’t possible in some way. The troubling news is that researchers are reporting that Cisco’s Trust Anchor security feature has been compromised. It is essentially the security stamp that Cisco puts on hundreds of millions of products. If the hackers can bypass this security feature, consider that there are at least 6 years of routers out there potentially affected, All eyes are on Cisco for what their response will be.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.