AOH :: IS1877.HTM

Hacking The Router Patching Conundrum

Hacking The Router Patching Conundrum
Hacking The Router Patching Conundrum 

By Kelly Jackson Higgins 
March 24, 2009

The dirty little secret about patching routers is that many enterprises 
don't bother for fear of the fallout any changes to their Cisco router 
software could have on the rest of the infrastructure. But the recent 
discovery of a way to easily hack the devices has turned upside down 
conventional wisdom that patching routers is more of a risk than an 
actual attack on these devices.

Researcher Felix "FX" Lindner's research earlier this year demonstrated 
that multiple versions of routers can be attacked -- specifically, 
Cisco's PowerPC routers -- shooting down the assumption that hacking 
routers requires separate exploits for each type of router. Enterprises 
traditionally have been content to avoid patching their Cisco routers 
because the chances of a major breach was less likely than the 
possibility of an unintentional outage from a router update.

"The underlying problem is that you cannot patch IOS -- you always need 
to update the entire image. And with this comes all kinds of 
compatibility issues with your configuration, hardware, and setup," says 
Lindner, a researcher with Recurity Labs.

Lindner demonstrated with his research that all an attacker needs is 
basic knowledge about the targeted device, rather than specifics of the 
IOS configuration. His exploit method applies to stack-buffer overflows, 
and he was able to execute memory writes and to disable CPU caches on 
Cisco routers running on the PowerPC CPU.


Best Selling Security Books and More! 

Site design & layout copyright © 1986-2014 CodeGods