Hunting for backdoors in counterfeit Cisco devices

1 July 2020 IT infrastructure

Hardware security specialists with cybersecurity provider F-Secure have published a report detailing their investigation into a pair of counterfeit network switches. The investigation, which concluded that the counterfeits were designed to bypass processes that authenticate system components, illustrates the security challenges posed by counterfeit hardware.

F-Secure Consulting’s Hardware Security team investigated two different counterfeit versions of Cisco Catalyst 2960-X series switches. The counterfeits were discovered by an IT company after a software update stopped them from working, which is a common reaction of forged/modified hardware to new software. At the company’s request, F-Secure Consulting performed a thorough analysis of the counterfeits to determine the security implications.

The investigators found that while the counterfeits did not have any backdoor-like functionality, they did employ various measures to fool security controls. For example, one of the units exploited what the research team believes to be a previously undiscovered software vulnerability to undermine secure boot processes that provide protection against firmware tampering.

“We found that the counterfeits were built to bypass authentication measures, but we didn’t find evidence suggesting the units posed any other risks,” said Dmitry Janushkevich, a senior consultant with F-Secure Consulting’s Hardware Security team, and lead author of the report. “The counterfeiters’ motives were likely limited to making money by selling the devices. But we see motivated attackers use the same kind of approach to stealthily backdoor companies, which is why it’s important to thoroughly check any modified hardware.”

The counterfeits were physically and operationally similar to an authentic Cisco switch. One of the unit’s engineering suggests that the counterfeiters either invested heavily in replicating Cisco’s original design or had access to proprietary engineering documentation to help them create a convincing copy.

According to F-Secure Consulting’s head of hardware security, Andrea Barisani, organisations face considerable security challenges in trying to mitigate the security implications of sophisticated counterfeits such as the those analysed in the report.

“Security departments can’t afford to ignore hardware that’s been tampered with or modified, which is why they need to investigate any counterfeits that they’ve been tricked into using,” explained Barisani. “Without tearing down the hardware and examining it from the ground up, organisations can’t know if a modified device had a larger security impact. And depending on the case, the impact can be major enough to completely undermine security measures intended to protect an organisation’s security, processes, infrastructure, etc.”

F-Secure has the following advice to help organisations prevent themselves from using counterfeit devices:

• Source all your devices from authorised resellers.

• Have clear internal processes and policies governing procurement processes.

• Ensure all devices run the latest available software provided by vendors.

• Make note of even physical differences between different units of the same product, no matter how subtle they may be.

“We’re world leaders when it comes to breaking and implementing secure boot schemes, which are integral in protecting intellectual property and ensuring authenticity of firmware and hardware products. Our detailed analysis of this case highlights not only the challenges in determining the security implications of counterfeits, but also how we can support and reassure organisations that discover suspicious devices in their infrastructure," added Barisani.

The full report is available at https://labs.f-secure.com/publications/the-fake-cisco




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Integrated facilities management solutions
Issue 2 2021 , IT infrastructure
Tsebo Facilities Solutions provides a smart remote monitoring solution that will increase efficiency and, most importantly, mitigate risk.

Read more...
Creating hyper-aware industrial facilities
Issue 2 2021 , IT infrastructure
Jacob Chacko expands on what a cognisant industrial site is and why edge technology and the Industrial Internet of Things (IIoT) are relevant to it as well as hyper-aware industrial facilities.

Read more...
Cisco and AMD improve performance, security and hybrid cloud operations
Issue 2 2021 , IT infrastructure
Cisco has announced?an expanded engagement with AMD?to help businesses?accelerate advanced digital experiences?and improve hybrid cloud operations

Read more...
GJD unveils new Network Bridge product
Issue 2 2021 , IT infrastructure
GJD has announced the launch of its new Network Bridge, designed to easily connect GJD IP devices with third-party video management software and network compatible products, including Avigilon and other proprietary CCTV systems.

Read more...
Backup servers with free Altaro software
Issue 2 2021 , IT infrastructure
Altaro Physical Server Backup enables you to easily restore a physical server on your network and access it on your existing virtual environment, as a virtual disk or fully functional virtual machine.

Read more...
Vehicle-to-office connectivity
Issue 2 2021 , IT infrastructure, Mining (Industry)
A large coal and heavy minerals mining company in South Africa is rolling out a mine-wide wireless digital connectivity networking solution that interconnects the various employees’ mobile devices to monitoring systems on vehicles, mining equipment and conveyor belts throughout the mine.

Read more...
Introducing Video Storage Solutions
Issue 1 2021 , Integrated Solutions, CCTV, Surveillance & Remote Monitoring, IT infrastructure
Video Storage Solutions (VSS) was formed with the single objective of providing system integrators who are part of the Milestone Community with verified video recording and storage appliances. VSS is distributed in South Africa by First Distribution.

Read more...
Used electronics present security concerns
Issue 1 2021 , IT infrastructure
Employers have a legal obligation to clean old IT devices professionally and ensure that all data is erased from them prior to decommissioning and disposal or redistribution.

Read more...
CAPEX vs OPEX
Issue 1 2021 , IT infrastructure
With the rapidly accelerating pace of digital transformation last year, many organisations were forced to invest in data storage infrastructure, however, these businesses often face the dilemma of whether to opt for a solution acquired as a capital expense or operating expense.

Read more...
How technology enables better healthcare
Issue 1 2021 , IT infrastructure
With the need for digital acceleration to support the healthcare landscape since the onset of the COVID-19 global pandemic, technology has played a critical role to improve the standards of patient healthcare and enable health workers.

Read more...