Subscriber Discussion

Backdoors Keep Appearing In Cisco's Routers

Bas Poiesz
Dec 10, 2018

This article caught my attention, and I am curious to see how others feel.

Cisco is a well-respected, USA-built and USA-based company, used in many networks.
If the article said 'Chinese manufacturer so and so' instead of Cisco, and 'Chinese Government' instead of NSA, I think sentiment would be very different.

Does being a US-based company make it OK for a product to basically open the gates to a secret service?
Are there any precautions you take to make sure this has no influence (and if so, would you put an Asian camera in a network with the same peace of mind)?

The NSA uses its intel and power not just to look inside the USA, but also outside, like listening in on Europe.
Perhaps this explains why not everyone is a fan of NSA/PRISM and programs like this.

 

 

 

 

Undisclosed #1
Dec 10, 2018

I'll have to read through the article later, but for now can you tell me if the backdoors are easily exploitable the way the Hikvision/Dahua ones are, or are they more locked down?

Bas Poiesz
Dec 10, 2018

Well that depends on who can exploit it. People trolling Hik cams was easy with the well documented exploit. This one seems easy for certain parties (i.e. NSA) but hard for regular Joe.

Undisclosed #2
Dec 10, 2018

Based solely on the content of that article I would absolutely boycott the use of Cisco products. But given how open they are about the "lawful intercept backdoor", it makes me suspect that pretty much every vendor is likely to have similar backdoors. I wonder if there is a solid open-source switching solution?

No, it is not okay because it is a US company. Any vendor who intentionally leaves holes in their products for unauthorized access is blatantly violating the trust and rights of their customers. They also weaken security and IT infrastructure by opening it up to malicious attacks.

Bas Poiesz
Dec 10, 2018

But given how open they are about the "lawful intercept backdoor", it makes me suspect that pretty much every vendor is likely to have similar backdoors.

Use Selective Honesty and Generosity to Disarm Your Victim

Based solely on the content of that article I would absolutely boycott the use of Cisco products.

It's tough to know who you can work with, as so many parties have troubles, both intentional and unintentional. The reason I posted this is to make clear threats are coming from all directions, some closer to home than expected.

To be frank, we developed our own monitored VPN solution to block out as much as technically conceivable.

 

Undisclosed #2
Dec 10, 2018

From a national security and IP-theft standpoint, I'd rather a US-made product with backdoors designed to be exploited by US-based government entity be used on our soil over a foreign product with potentially similar backdoors. That said - any backdoor carries a high risk of discovery and exploitation by anyone and everyone with malicious intent regardless of the origin. You're pretty well screwed either way.

This is a sober reminder of the importance of multi-layered security. Maybe it also highlights an advantage of employing network products from different vendors? At least then you could potentially audit traffic in one appliance that went undetected in another?

Bas Poiesz
Dec 10, 2018

And if you're not US-based.... maybe a tariff would solve it!

 

Undisclosed #1
Dec 10, 2018

Now you just sound salty about your friends getting slapped.

Bas Poiesz
Dec 10, 2018

If I was US-based or a Hik employee... maybe.

As an EU-based distributor, the US tariff has zero influence on our business, not to worry :). We really don't care about tariffs in the US.

Undisclosed #1
Dec 10, 2018

As an EU-based distributor, the US tariff has zero influence on our business, not to worry :)

I would tend to agree, it's really the US ban of Hikua for government projects that is affecting your business over there.

Bas Poiesz
Dec 10, 2018

Again, not to worry, business is growing quite well. But let's bring it back to topic, I don't want this to be about Hik/Dahua, but about Cisco.

The reason I mention tariffs is because it seems cyber issues are seen as the reason for the tariff. If this is the main reason, other countries should put a tariff on their business with the US when it comes to Cisco. With Cisco being a brand used so much in the business, this issue deserves the same scrutiny.
You could steer clear of camera scrutiny and go with Tyco or Avigilon and still have massive security leaks due to Cisco.

Undisclosed #2
Dec 10, 2018

No disagreement here. It's a two-way street and governments should try to do what's best for national security and the economy. If that means we take a hit for Cisco's poor judgement - so be it. Hopefully it would help drive them and other manufacturers away from apparently eagerly creating insecure products.

Undisclosed #1
Dec 10, 2018

If this is the main reason, other countries should put a tariff on their business with the US when it comes to Cisco.

OK, sounds good. You should champion that cause.

Satisfied now?

Bas Poiesz
Dec 10, 2018

Not really, my point is that tariffs and cybersecurity have nothing to do with each other, adding another nonsensical tariff is not really that great of a cause.

My point? Cisco deserves some attention for what is happening, as it is a widely used product. The fact it is a US-based product adds quite some irony for me, but I would have added this issue if it was from any other brand/country.

Jon Dillabaugh
Dec 11, 2018
Pro Focus LLC

The fact it was designed for US based access doesn't mean it will stay that way. If the NSA/CIA/FBI can gain access, I can assure you other govs/hackers can and will gain access too.

Bas Poiesz
Dec 11, 2018

I agree. And the threat level is high, the article explains:

The most recent backdoor was found in the Cisco Policy Suite, a software suite for ISPs and large companies that can manage a network’s bandwidth policies. The backdoor gives an attacker root access to the network

Undisclosed #3
Dec 10, 2018
IPVMU Certified

This backdoor development stuff is so ad-hoc and undocumented.

For surveillance equipment, ONVIF should add a Profile B to at least standardize the access API ;)
