
Counterfeit Cisco switches raise network security alarms

In a disconcerting discovery for IT security professionals, counterfeit versions of Cisco Catalyst 2960-X Series switches were found on an unnamed business network. The fake gear was found to be designed to circumvent typical authentication procedures, according to a report from F-Secure.

F-Secure says its investigators found that while the counterfeit Cisco 2960-X units did not have any backdoor-like features, they did employ various measures to fool security controls. For example, one of the units exploited what F-Secure believes to be a previously undiscovered software vulnerability to undermine secure boot processes that provide protection against firmware tampering. 

“Counterfeit units such as these can be easily modified to introduce backdoors within an organization. We emphasize that this is not what happened in this instance, but the attack execution would be mostly identical, which is why we think it is important to highlight such issues,” said Dmitry Janushkevich, a senior consultant with F-Secure Consulting’s hardware security team and lead author of the report.

“In this instance the motivation is purely economic as this is done just to sell counterfeit units for a profit. However, the techniques and opportunities are identical to attacks aimed at compromising the security of organizations.”

Still, in this case, the security functions were bypassed, weakening the security posture of the device. This could give attackers who have already gained code execution via a network-based attack, for example, an easier way to gain persistence, and therefore impact the security of the whole organization, Janushkevich said.

This story began in 2019 when the unnamed company had some network switches fail after a software upgrade – not an uncommon occurrence in a counterfeit device, experts say. While the device lost its primary function as a network switch when the software upgrade was installed, it could still be accessed via the console, F-Secure reported. Reverting the software version did not fix the problem, which likely indicates that data was overwritten during the update process, according to F-Secure.

Copyright © 2020 IDG Communications, Inc.
