Meet ???, a Cisco router secure boot flaw • DigitalMunition
Security weaknesses at the heart of some of Cisco's network routers, switches, and firewalls can be exploited by hackers to hide spyware deep inside compromised equipment.
In order to exploit these flaws, dubbed ??? or Thrangrycat by their discoverers, a miscreant or rogue employee needs to be able to log into the vulnerable device as an administrator, and can thus already do a lot of damage or snooping on your enterprise anyway.
What makes ??? interesting is that it can be used by an attacker to take that initial privileged access and go deeper, making fundamental changes to the way the equipment boots up so that spyware, once installed, is always secretly present and running, and can't be patched out or removed. Normally, not even admin users are allowed to do that. The vulnerability allows malicious code to persist on compromised systems.
Technical overview
Thrangrycat comes in two parts. First, there's a flaw (CVE-2019-1862) in the web-based user interface of the Cisco IOS XE Software that can be exploited by a logged-in administrator to execute commands as root on the underlying Linux-based shell.
A rogue admin can leverage that input-sanitization vulnerability to exploit the second part: it is possible to use the aforementioned root-level access to change the firmware (CVE-2019-1649) used to configure an on-board FPGA chip that's used to securely boot the equipment.
FPGAs are chips with thousands of logic gates and other circuitry that can be rewired as required on-the-fly to perform custom operations in hardware. How the gates and circuits are connected and interact is defined by a bitstream stored in the motherboard firmware.
Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again
READ MORE
This FPGA is configured to implement what Cisco calls its Trust Anchor module: this technology ensures the equipment boots software that is legit and hasn't been tampered with. It verifies the integrity of the system code before allowing the main processor to execute a bootloader that gets the whole thing going.
Unfortunately, the Trust Anchor module (TAm) doesn't check that its own data is legit: the bitstream sits unprotected on an SPI flash chip on the motherboard, and can be twiddled with by someone with root access.
Therefore, if you alter this configuration data as root, the next time the kit boots up, the FPGA will read in its tampered-with bitstream from the flash storage. This modified bitstream could cause the TAm to allow any operating system to start up, even one with malware stashed in it, and prevent any more changes to the bitstream stored in the firmware.
Thus if you get root access, you can hide your backdoor or network surveillance tools in the operating system, then you can change the bitstream in the firmware to allow that malicious code to boot, and block any further attempts to change the bitstream. Then restart, watch your changes come into effect, and spy away.
It's ingenious, but again, bear in mind, a miscreant would need admin-level access to get started, so you're probably hosed at that point anyway. Crucially, this vuln means a snoop in your network infrastructure can persist even after you think you've flushed them out with software patches and password changes.
Discovery
??? was found and reported by a team from Red Balloon Security – specifically, Jatin Kataria, Richard Housley, James Chambers, and Ang Cui – after they spent the past three years digging into FPGA-based gear. In the last year or so they have specifically looked at Cisco’s use of an FPGA chip in its TAm.
“We tried to push the envelope by using direct bitstream manipulation, a relatively new technique,” Dr Ang Cui, the chief scientist of Red Balloon Security, told DigitalMunition on Monday. “In 2012, when Cisco was introducing this, no one thought it was possible but seven years later it is.”
The full details are not going to be released until this year's Black Hat USA security conference in August. Cisco was privately tipped off by Red Balloon Security in November 2018, and only now is the issue public. The ??? exploits were tested on a Cisco ASR 1001-X, though plenty of devices are at risk because they use the FPGA-based TAm. The team summarized Thrangrycat thus:
Cisco has published advisories on both flaws highlighted by the researchers, and listed all affected products. Switchzilla has issued free patches to install to kill off both bugs. Obviously, if you've already been pwned via the secure boot hole then there's a chance the fix for the FPGA bitstream blunder won't work, though there is no indication anyone's actually exploiting Thrangrycat.
Cisco, for one, told us it "is not aware of any malicious use of the vulnerability." So, get patching. ®
Sponsored:
Getting More From Less
Gloss