Wired reports security holes have been discovered in Cisco's 1001-x series router. The router, which has the capacity to power institutions as large as stock exchanges, had a pair of vulnerabilities exposed by researchers at security firm Red Balloon. A bug in Cisco's Internetwork Operating System is the gateway hack researchers first discovered before going a step further by finding a way to bypass the router's Trust Anchor, the security feature Cisco has installed in products since 2013, and gain full access to a network. “We’ve shown that we can quietly and persistently disable the Trust Anchor,” Red Balloon Founder and CEO Ang Cui said. “That means we can make arbitrary changes to a Cisco router, and the Trust Anchor will still report that the device is trustworthy. Which is scary and bad, because this is in every important Cisco product. Everything.” (Registration may be required to access this story.)
If you want to comment on this post, you need to login.