Network security company FireEye has reported a hack called SYNful Knock that modifies the firmware on some Cisco routers, letting attackers maintain a persistent presence in the victim’s router. According to the report, 14 such router implants were confirmed to exist in four different countries, including India. Cisco itself has acknowledged the hack and has published guidelines to help detect such attacks.

According to this ibtimes report, FireEye claims that these routers are gateways to entire countries’ infrastructures and act as the ‘ultimate listening device’. Interestingly, the report further mentions that, due to the sophistication of the attack, only nations with enough resources and technical knowledge could carry it out, rather than individual users or private hacker groups. The company added that multiple countries are using the exploit to spy on other countries.

The affected routers are the Cisco 1841, 2811 and 3825, although FireEye mentions that other models are also likely affected, based on the similarity in function and IOS (Cisco’s router OS) code base. Note that these attacks do not take advantage of any vulnerability as such, and instead require physical access or login credentials in order to install the backdoor. However, once installed, the backdoor lets attackers access all data flowing through the router.

Persistent and modular: The malicious firmware persists across reboots of the router, and provides access to the attacker via a backdoor password through Telnet. The firmware can then be instructed to download other modules stealthily, although these modules are automatically removed on a…