CISCO warns of back door built into equipment
CISCO makes much of the equipment that runs and secures the Internet. Snowden’s leaks already disclosed that the NSA has complete access to CISCO gear, including the ability to install software modifications.
Now we know how for at least some devices. A little boring technical stuff. SSH is the main tool used to connect remotely to devices on the Internet. There are several ways to prove to the remote device that it should let you in. The simple method is sending a userid and password. For many situations, that is impractical. For example, I frequently connect the test machine to the production machine in Texas. If I was using passwords, I would have to constantly type the password (risking someone watching my keyboard) or “hard code” the password somewhere.
A better alternative is a public/private key exchange. Both computers have a secret private key and a public key. You can’t derive my private key if I give you my public key. But if you take my public key and combine it with your private key, the resulting key establishes beyond any reasonable doubt that both ends know who the other end is. Someone recording the exchange of keys still cannot derive a private key or be able to masquerade as a real device.
What CISCO just admitted is every device in their advisory has a hard coded key for its support responsibilities. This allows anyone with knowledge of that private SSH key for CISCO support to connect to the device as an authenticated user. All if takes is for CISCO to provide that key to government agencies, or a hacker or ex-employee to find and leak the private key, and every internet connected CISCO device affected is vulnerable to complete remote control by unknown remote persons.
If Snowden doesn’t get a Nobel Peace Prize, the award has no meaning
Well, Art, it seems that you and I may see things differently here. From memory, you had been critical of volunteer written and/or open source code for security reasons. I tend to favor it for the same security reasons.
In fact, I have had a Linksys (Cisco) router that I had flased from the Cisco software to an open source alternative because I felt it was low security risk.
I am not sure if this backdoor exists in the Cisco home product line (Linksys) but if it does, flashing the ROM is likely to eliminate it unless the intruder can access the boot loader and flash the ROM again without my knowledge.
Bottom line, lots of unknowns – both known unknows and unknown unknowns. The only thing for certain in life is that a grateful Iraq will pay for it all once they start pumping oil. 😉
These are not the kind of gear you or I would be using, although the haphazard approach to security has me thinking it probably affects more than just this announced set of gear.
These are the kind of devices that big corporations use to prevent and detect breakins. I got to spend several weekends babysitting while the network gurus slipped them into the chain of devices.
Assuming for the moment that the hard coded authentication key wasn’t for NSA use, I can understand the problem. If the customer loses control of the device and it isn’t somewhere that a tech can reach over and reset, support coming in remotely might be the only way to regain control. In my experience, that’s pretty much what happened. The machines were inside the computer room in Phoenix. None of the people were in Phoenix. They did something wrong and got “stuck”. It ended up they had to roust someone out of bed at midnight on Sunday morning to go to the computer room and access the device locally. It was a disaster – they suspended the entire security upgrade, and ultimately chose an entirely different security system and did it about six months later, but had to phase it in over multiple weeks to mitigate the risk of breaking it and not being able to back it out. Restaurants need their potatoes on Monday even if the IT infrastructure was DOA.