Red Balloon Security finds critical design flaw in Cisco routers, switches and firewalls

Red Balloon Security's researchers say they have found two critical flaws that impact Cisco's routers, switches and firewalls. (Red Balloon Security)

Red Balloon Security announced that it has found a bug in Cisco's secure boot process that could have a huge impact on the networking giant's customers.

Given the number of routers, switches and firewalls that Cisco has deployed globally, Red Balloon Security said the critical vulnerability could affect service providers, government networks and enterprises on a massive scale.

The bug, which is code named "Thrangrycat," was caused by design flaws within Cisco's Trust Anchor module. The Trust Anchor is a security feature that Cisco has used across its enterprise routers, switches and firewalls since it was first introduced in 2013.


The Trust Anchor is a "secure enclave" on the motherboard, separate from the device's main memory, or a discrete chip. In theory, users and administrators aren't able to make changes to the Trust Anchor, because it underpins the security and trustworthy-computing mechanisms of the device.

The Thrangrycat vulnerability allows an attacker to make persistent modifications to the Trust Anchor module through remote exploitation, without the need for physical access. According to Red Balloon, Thrangrycat can defeat the secure boot process and invalidates Cisco's chain of trust at its very core.

Red Balloon said it tested Cisco 1001-X routers, and found that its employees could not only compromise the secure boot process, but also that the Trust Anchor still reported that the device was trustworthy.


Red Balloon Security researchers have demonstrated physical destruction of Cisco routers by leveraging Thrangrycat via remote exploitation, according to the company. The company also said it found a bug in Cisco's IOS operating system. On Monday, Cisco announced a patch for some of the issues that the Red Balloon researchers discovered.

“Cisco is committed to transparency," a Cisco spokesperson wrote in an email to FierceTelecom. "When security issues arise, we handle them openly and as a matter of top priority, so our customers understand the issue and how to address it. On May 13, Cisco published a security advisory about a vulnerability in the logic handling access control to one of the hardware components on Cisco's proprietary Secure Boot implementation.

"Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. Cisco will release fixes for this vulnerability. Customers should review the advisory for complete detail to assess and protect their networks."

Since the Thrangrycat flaws reside within the hardware design, Red Balloon said it was unlikely that a software security patch would fully resolve the fundamental security issue.

“This is a significant security weakness which potentially exposes a large number of corporate, government and even military networks to remote attacks,” said Dr. Ang Cui, founder and chief scientist of Red Balloon Security, in a statement. “We’re talking about tens of millions of devices potentially affected by this vulnerability, many of them located inside of sensitive networks. These Cisco products form the backbone of secure communications for these organizations, and yet we can exploit them to permanently own their networks."

Cui added, "Fixing this problem isn’t easy, because to truly remediate it requires a physical replacement of the chip at the heart of the Trust Anchor system. A firmware patch will help to offset the risks, but it won’t completely eliminate them. This is the real danger, and it will be difficult for companies, financial institutions and government agencies to properly address this problem.”
