Written by Dustin Welch
Monday, 08 February 2010 11:46
Here's an interesting little tidbit of information I came across while I was cruising some articles regarding last week's Black Hat security conference. Cisco and other networking companies implement a 'backdoor' into all of their routers and switches for lawful intercept. What's lawful intercept, you ask? Well, this basically means that by law, all networking equipment manufacturers selling to ISPs must provide a backdoor into their routers and switches so that law enforcement agencies can track the internet activity of individuals under surveillance.
With internet privacy always being a hot issue, this measure was first greeted with mixed reviews, but most believed that if hackers couldn't get hold of this backdoor information then security would be tighter for all of us. While that seems like a great thought, the fact of the matter is that Cisco and other networking giants haven't taken the time to tighten the security around the backdoors themselves. IBM researchers found several bugs, which by themselves are almost harmless, that can be used in conjunction with each other to allow hackers to spy on network traffic and steal information.
Cisco was first warned about these bugs in 2008 and released a patch to correct some of the problems, but this major security issue still hasn't been addressed properly as of last week. Hackers are still able to access the backdoor, and even after numerous failed password guessing attempts the systems don't A) block the perpetrator from trying again or B) alert a network administrator to the unauthorized access. This type of 'invisibility' was originally intended to hide the technique from ISP employees, who in theory could detect the intercept and alert the individual under surveillance. This has obviously gone completely wrong: instead of keeping dishonest employees out, it's practically inviting hackers to spy and steal information without anyone being alerted until it's too late.
While it seems Cisco may be the primary target of the IBM researchers, keep in mind that all networking companies are legally required to build lawful intercepts into their router and switch lines. Cisco is actually the only company that follows the advice of the Internet Engineering Task Force (IETF) and makes its intercept architecture public, exposing it to peer review and security scrutiny. Other networking companies keep theirs in the dark, and they most likely suffer from the same flaws or possibly more. Allowing the weaknesses to be public knowledge may seem like cutting your own throat, but knowing about them keeps IT personnel informed and aware so that these issues can be mitigated properly.
Last Updated on Wednesday, 10 February 2010 17:02