Cisco’s backdoors abound

Published on 24/07/2018 | Written by Pat Pilcher


Cisco backdoor access

With five backdoors discovered in Cisco gear since 2013, perhaps Australia might want to apply the same standards to Cisco that it applies to Huawei?

Australian intelligence agencies' echoing of US concerns that Huawei gear could be hacked by the Chinese government for espionage purposes has put Chinese telco supplier Huawei under fire in Australia. Ironically, the very fears raised by intelligence agencies in both countries may also apply to equipment from US networking giant Cisco.

According to Tom's Hardware, a total of five different backdoors have been found in Cisco hardware and software since 2013.

Backdoors are undocumented access portals designed to allow administrators to enter a system for troubleshooting or maintenance. Hackers and intelligence agencies can also use them for unauthorised or covert access.

In 2004, Cisco authored a proposal for a “lawful intercept” protocol on their network equipment. It was proposed so law enforcement agencies could remotely and invisibly log into enterprise or ISP routers when carrying out investigations.

Several years later, an IBM security researcher showed how hackers could also misuse Lawful Intercept. Misuse of Lawful Intercept didn't come to light until 2013, when German newspaper Der Spiegel alleged that the NSA was using backdoors in Cisco equipment.

Things died down until 2014, when a new undocumented backdoor was discovered in Cisco's smaller routers for SMEs. This could again allow attackers to access user credentials and execute other commands with escalated access privileges.

It didn’t end there. Last year, WikiLeaks detailed a vulnerability in Cisco hardware that they said allowed the CIA to take control of selected Cisco switches. In March this year, researchers also found a hardcoded user account with the username ‘cisco’ in selected Cisco hardware. In theory, this account would enable access to a vast number of Cisco routers and switches.

Like the original gift that keeps giving, hidden accounts and backdoors have continued to pop up in Cisco hardware. Another hardcoded password got found in the Cisco Prime Collaboration Provisioning software (used for remote installation of Cisco’s video and voice products). In May, Cisco found yet another undocumented backdoor in their Digital Network Architecture (DNA) Center, which gets used for provisioning Cisco devices. If the discovery of two backdoors wasn’t enough, researchers found a third in June. This time it was in Cisco’s Wide Area Application Services software tool.

More recently, yet another backdoor got uncovered in the Cisco Policy Suite, an app suite for managing network bandwidth policies. It could, in theory, give an attacker root access to an entire network.

So what’s a frazzled CIO with racks full of Cisco equipment to do? According to Ian Welch, Associate Professor of the School of Engineering and Computer Science, Victoria University, the answer may involve going open source: “Part of the problem is that people buying Cisco have no way of knowing what the software inside the routers is doing. So part of the solution is to simplify the hardware to reduce the attack surface and also remove hiding space for backdoors and expose the workings of the software controlling the hardware.”

Welch calls this open-source approach software-defined networking and says it's being embraced by a growing number of network hardware manufacturers (including Cisco and Huawei) and by Allied Telesis (a Japanese company which does its design and research in Christchurch).

In layperson's terms, software-defined networking separates forwarding from control. So, while switching is done by hardware exposed through a programmable interface, routing and other functions are done on general-purpose hardware such as PCs. Open-source controller software means the code running the routers or switches is easy to inspect. Open processes around the raising and fixing of issues also make hidden backdoors and hard-coded accounts next to impossible to conceal.

An example of this, says Welch, is Faucet, a software-defined networking controller for large and small enterprises that brings the value of software-defined networking to the mass market.

Faucet's underlying technology was initially developed at REANNZ and is curated by the Faucet Foundation. Three of Faucet's board members are in New Zealand, with other members from Google, ESnet, LBLNet at Lawrence Berkeley National Laboratory and the University of Tokyo.

Faucet is in use at sites including the Open Networking Foundation, REANNZ, AARNet, ESnet, Victoria University of Wellington, Allied Telesis, The University of Tokyo, WIDE Project, Toulouse Internet Exchange and the WAND Group at Waikato University.

Either way, the size of the problem is enormous, especially given the massive amount of Cisco networking equipment in use worldwide. IDC’s Worldwide Quarterly Ethernet Switch and Router Tracker shows Cisco accounted for 54.9 percent of the network switch and router market during the fourth quarter of 2017.

The hypocrisy of this situation is unlikely to be lost on Huawei's Australian operations. Australian media have speculated that fears of a theoretical threat could see the Chinese manufacturer barred from networking-related business in Australia, yet US network equipment maker Cisco's ongoing security issues have yet to gain traction either politically or in the media.
