WIRED: A Cisco Router Bug Has Massive Global Implications
John Young
jya at pipeline.com
Tue May 14 10:31:41 PDT 2019
What's the security benefit of Red Balloon's
attacks? Is this not a type of extortion or maybe
angling for bragging rights, a bribe to keep
quiet or a buy-out from deep-pocketed targets.
Hard to distinguish white hats from black and
gray (also Red Hat), sanctimony from villainy.
All emulating national security racketeering, or
more like religious whipsawing fear and salvation.
Leaking secrets has become a masturbation porn
racket too, always was, mea culpa.
At 12:27 PM 5/14/2019, you wrote:
>------- Original Message -------
>On Tuesday, May 14, 2019 4:39 AM, jim bell <jdb10987 at yahoo.com> wrote:
>
>>
>>WIRED: A Cisco Router Bug Has Massive Global Implications.
>>https://www.wired.com/story/cisco-router-bug-secure-boot-trust-anchor
>
>The Cisco 1001-X series router doesn't look much
>like the one you
><https://www.wired.com/story/find-a-new-router/>have
>in your home. It's bigger and much more
>expensive, responsible for reliable connectivity
>at stock exchanges, corporate offices, your
>local mall, and so on. The devices play a
>pivotal role at institutions, in other words,
>including some that deal with hypersensitive
>information. Now, researchers are disclosing a
>remote attack that would potentially allow a
>hacker to take over any 1001-X router and
>compromise all the data and commands that flow through it.
>
>And it only gets worse from there.
>
>To compromise the routers, researchers from the
>security firm Red Balloon
><https://thrangrycat.com/>exploited two
>vulnerabilities. The first is a bug in Cisco's
>IOS operating system (not to be confused with
>Apple's iOS) which would allow a hacker to
>remotely obtain root access to the devices. This
>is a bad vulnerability, but not unusual,
>especially for routers. It can also be fixed
>relatively easily through a software patch.
>
>"It's not a trust buoy."
>
>Ang Cui, Red Balloon
>
>The second vulnerability, though, is much more
>sinister. Once the researchers gain root access,
>they can bypass the router's most fundamental
>security protection. Known as the Trust Anchor,
>this Cisco security feature has been implemented
>in almost all of the company's enterprise
>devices since 2013. The fact that the
>researchers have demonstrated a way to bypass it
>in one device indicates that it may be possible,
>with device-specific modifications, to defeat
>the Trust Anchor on hundreds of millions of
>Cisco units around the world. That includes
>everything from enterprise routers to network switches to firewalls.
>
>In practice, this means an attacker could use
>these techniques to fully compromise the
>networks these devices are on. Given Cisco's
>ubiquity, the potential fallout would be enormous.
>
>"We've shown that we can quietly and
>persistently disable the Trust Anchor," says
>Ang Cui, the founder and CEO of Red Balloon, who
>has a history of revealing major
><https://www.wired.com/story/electromagnetic-pulse-hack/>Cisco
>vulnerabilities. "That means we can make
>arbitrary changes to a Cisco router, and the
>Trust Anchor will still report that the device
>is trustworthy. Which is scary and bad, because
>this is in every important Cisco product. Everything."
>
>
>Dropping Anchor
>
>
>In recent years, security-minded companies have
>increasingly added "secure enclaves" to
>motherboards. Different solutions go by
>different names: Intel has SGX, Arm has the
>TrustZone, Apple has the secure enclave. And Cisco has the Trust Anchor.
>
>They variously comprise either a secure part of
>a computer's regular memory, or a discrete
>chip, a safe, secluded oasis away from the
>bedlam of the computer's main processor. No
>user or administrator can modify the secure
>enclave, no matter how much control they have
>over the system. Because of its immutable
>nature, the secure enclave can watch over and
>verify the integrity of everything else.
>
>Secure-computing engineers generally view these
>schemes as sound in theory and productive to
>deploy. But in practice, it can be dangerous to
>rely on a sole element to act as the check on
>the whole system. Undermining that
>safeguard, which has proven possible in many
>companies' implementations, strips a device of
>critical protections. Worse still, manipulating
>the enclave can make it appear that everything
>is fine, even when it's very much not.
>
>That's the case with the Cisco 1001-X. The Red
>Balloon team showed specifically that they could
>compromise the device's secure boot process, a
>function implemented by the Trust Anchor that
>protects the fundamental code coordinating
>hardware and software as a device turns on, and
>checks that it's genuine and unmodified. It's a
>crucial way to ensure that an
><https://www.wired.com/story/fancy-bear-hackers-uefi-rootkit/>attacker
>hasn't gained total control of a device.
>
>On Monday, Cisco is
><https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190513-secureboot>announcing
>a patch for the IOS remote-control vulnerability
>the Red Balloon researchers discovered. And the
>company says it will also provide fixes for all
>product families that are potentially vulnerable
>to secure-enclave attacks like the one the
>researchers demonstrated. Cisco declined to
>characterize the nature or timing of these fixes
>ahead of the public disclosure. It also disputed
>that the secure boot vulnerability directly
>impacts the Trust Anchor. According to its
>security bulletin, all fixes are still months
>away from release, and there are currently no
>workarounds. When the patches do arrive, Cisco
>says, they will "require an on-premise
>reprogramming," meaning the fixes can't be
>pushed remotely, because they are so fundamental.
>
>"As a point of clarification, Cisco advertises
>several related and complementary platform
>security capabilities," a spokesperson told
>WIRED in a written statement. "One of which
>that is relevant to this discussion is Cisco
>Secure Boot which provides a root of trust for
>system software integrity and authenticity.
>Another capability offered within certain Cisco
>platforms is the Trust Anchor module, which
>helps provide hardware authenticity, platform
>identity, and other security services to the
>system. The Trust Anchor module is not directly
>involved in the work demonstrated by Red Balloon."
>
>Cisco seems to make a distinction between its
>"Trust Anchor Technologies," "Trustworthy
>Systems," and "Trust Anchor module," that may
>explain why it only considers secure boot to be implicated in the research.
>
>The Red Balloon researchers disagree, though.
>They note that Cisco's
><https://patents.google.com/patent/US20120303941>patent
>and other
><https://www.cisco.com/c/en/us/products/collateral/security/cloud-access-security/secure-boot-trust.html>documentation
>show that the Trust Anchor implements secure
>boot. If secure boot is undermined, the Trust
>Anchor is necessarily also defeated, because all
>of the tools are in a chain of trust together.
>You can see it visualized in
><https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/trustworthy-technologies-datasheet.pdf>this
>Cisco diagram.
>
>
>"That's why they call it an anchor! It's not a trust buoy," Cui says.
>
>
>FPGA Tour
>
>
>The researcher group, which also includes Jatin
>Kataria, Red Balloon's principal scientist,
>and Rick Housley, an independent security
>researcher, were able to bypass Cisco's secure
>boot protections by manipulating a hardware
>component at the core of the Trust Anchor called
>a
>"<https://www.wired.com/2016/05/googles-making-chips-now-time-intel-freak/>field
>programmable gate array." Computer engineers
>often refer to FPGAs as "magic," because
>they can act like microcontrollers, the
>processors often used in embedded devices, but
>can also be reprogrammed in the field. That
>means unlike traditional processors, which can't
>be physically altered by a manufacturer once
>they're out in the world, an FPGA's circuits can be changed after deployment.
>
>FPGAs pull their programming from a file called
>the bitstream, which is usually custom-written
>by hardware makers like Cisco. To keep FPGAs
>from being reprogrammed by mischievous
>passersby, FPGA bitstreams are extremely
>difficult to interpret from the outside. They
>contain a series of complex configuration
>commands that physically dictate whether logic
>gates in a circuit will be open or closed, and
>security researchers evaluating FPGAs have found
>that the computational power required to map an
>FPGA's bitstream logic is prohibitively high.
>
>"This is proof that you can't just rely on the FPGA to do magic for you."
>
>Josh Thomas, Atredis
>
>But the Red Balloon researchers found that the
>way the FPGA was implemented for Cisco's Trust
>Anchor, they didn't need to map the whole
>bitstream. They discovered that when Cisco's
>secure boot detected a breach of trust in a
>system, it would wait 100 seconds, a pause
>programmed by Cisco engineers, perhaps to buy
>enough time to deploy a repair update in case of
>a malfunction, and then physically kill the power
>on the device. The researchers realized that by
>modifying the part of the bitstream that
>controlled this kill switch, they could override
>it. The device would then boot normally, even
>though secure boot accurately detected a breach.
>
>"That was the big insight," Red Balloon's
>Kataria says. "The Trust Anchor has to tell
>the world that something bad has happened
>through a physical pin of some sort. So we
>started reverse engineering where each pin
>appeared in the physical layout of the board. We
>would disable all the pins in one area and try
>to boot up the router; if it was still working,
>we knew that all of those pins were not the one.
>Eventually we found the reset pin and worked
>backward to just that part of the bitstream."
>
>The researchers did this trial-and-error work on
>the motherboards of six 1001-X series routers.
>They cost up to about $10,000 each, making the
>investigation almost prohibitively expensive to
>carry out. They also broke two of their routers
>during the process of physically manipulating
>and soldering on the boards to look for the reset pin.
>
>An attacker would do all of this work in advance
>as Red Balloon did, developing the remote
>exploit sequence on test devices before
>deploying it. To launch the attack, hackers
>would first use a remote root-access
>vulnerability to get their foothold, then deploy
>the second stage to defeat secure boot and
>potentially bore deeper into the Trust Anchor.
>At that point, victims would have no reason to
>suspect anything was wrong, because their devices would be booting normally.
>
>
>"The exposure from this research will
>hopefully remind the companies out there beyond
>just Cisco that these design principles will no
>longer stand as secure," says Josh Thomas,
>cofounder and chief operating officer of the
>embedded device and industrial control security
>company Atredis. "This is proof that you
>can't just rely on the FPGA to do magic for
>you. And it's at such a low level that it's
>extremely difficult to detect. At the point
>where you've overridden secure boot, all of
>that trust in the device is gone at that point."
>
>
>Even Bigger Problems
>
>
>Thomas and the Red Balloon researchers say they
>are eager to see what types of fixes Cisco will
>release. They worry that it may not be possible
>to fully mitigate the vulnerability without
>physical changes to the architecture of
>Cisco's hardware anchor. That could involve
>implementing an FPGA in future generations of
>products that has an encrypted bitstream. Those
>are financially and computationally more
>daunting to deploy, but would not be vulnerable to this attack.
>
>
>
><https://www.wired.com/author/lily-hay-newman/?itm_campaign=AuthorCarveLeft>Lily
>Hay Newman covers information security, digital privacy, and hacking for WIRED.
>
>
>And the implications of this research don't end
>with Cisco. Thomas, along with his Atredis
>cofounder Nathan Keltner, emphasize that the
>bigger impact will likely be the novel concepts
>it introduces that could spawn new methods of
>manipulating FPGA bitstreams in countless
>products worldwide, including devices in high-stakes or sensitive environments.
>
>For now, though, Red Balloon's Cui is just
>worried about all of the Cisco devices in the
>world that are vulnerable to this type of
>attack. Cisco told WIRED that it does not
>currently have plans to release an audit tool
>for customers to assess whether their devices
>have already been hit, and the company says it
>has no evidence that the technique is being used in the wild.
>
>But as Cui points out, "Tens of thousands of
>dollars and three years of doing this on the
>side was a lot for us. But a motivated
>organization with lots of money that could focus
>on this full-time would develop it much faster.
>And it would be worth it to them. Very, very worth it."