Fear Renewed: The Cisco Router Rootkit

The media is all abuzz about a possible Cisco router rootkit that may be part of a presentation at a near future security conference.

While various issues with Cisco gear have emerged over the years and there has been at least one really public overreaction on the part of Cisco to vulnerability disclosure talks, there is probably little to really get spun up about here for the average corporate manager or infosec person.

The big news is that hostile, difficult to detect code could be introduced to routers at any point in their lifespan if an attacker has access to introduce images onto the router. This is a common problem with almost every type of device. There have been a number of trojan horse loads for everything from home firewalls to other forms of network gear for a number of years. Sure, the Cisco router is almost ubiquitous, and sure, it powers a lot of the Internet at large, but I think we pretty much always assumed that attackers with physical access and opportunity could introduce bad things to a device if they gained opportunity.

So before you give in to the hype or fear mongering, consider how this is different than any other form of software/firmware or the like. Likely, you already have a process in place for blowing new firmware onto all devices you purchase before putting them into use (right???). If not, it might be time to think about writing one…

Leave a Reply