Cisco warns customers about attacks installing rogue firmware on networking equipment
Installing rogue firmware on embedded devices has long been a concern for security researchers, and it appears that such attacks have begun to gain ground with hackers.
In an advisory, Cisco Systems warned customers that it is aware of a small number of instances where attackers have replaced the boot firmware on devices. Most Cisco routers and switches run IOS, which offers a sophisticated set of networking tools and features.
Attackers used valid administrative credentials to replace the ROMMON image on IOS devices, Cisco said.
ROM Monitor, or ROMMON, is the low-level firmware responsible for booting IOS and initializing the hardware.
“No merchandise susceptibility is leveraged in this strike, and the attacker requires legal administrative qualifications or physical access to the system to achieve success,” Cisco said in its advisory. “The skill to put in an updated ROMMON image on IOS devices is a regular, recorded characteristic that administrators use to deal with their networks.”
It is unclear how the attackers obtained the administrative credentials used in the ROMMON compromises, but it should serve as a warning to companies with IOS gear that network administrators are a target.
For attackers, the advantage of installing a malicious ROMMON image on a device is that it makes the compromise persistent, as typical IOS infections do not survive reboots.
Nevertheless, real-world attacks using this method have been uncommon until now.