At EUSecWest on Thursday next week, a security researcher will demonstrate a rootkit designed specifically for Cisco's router operating system.
A security researcher is to demonstrate to a London conference next
week what he believes is the first rootkit specifically written for
Cisco routers.
Sebastian Muniz, of security testing firm Core
Security, will tell delegates at the EUSecWest conference on Thursday
that his rootkit, designed to manipulate Cisco's router operating
system IOS, will contain all the potency of a rootkit written for
Windows.
Rootkits are a form of malicious code used by hackers to
take control of an operating system. They are generally very difficult
to detect.
Rootkits are generally targeted at Windows operating
systems because they are the most common. But because Cisco's routers
are so common in the networking world (Cisco has between 80% and 90% market
share), such rootkits could cause widespread internet problems.
Muniz says his software will work on multiple versions of IOS.
He claims to be working closely with Cisco on the matter, and says he
won't disclose his source code. "I've done this with the purpose of
showing that IOS rootkits are real, and that appropriate security
measures must be taken," he told NetworkWorld.com.
A hacker would need to break into a router using a separate technique in order to
install a rootkit, but having done that, they would be able to remotely
control the device.
Cisco is no stranger to controversy at
security conferences. The company threatened to sue a speaker, Michael
Lynn, at the Black Hat conference in the United States in 2005 over his
presentation concerning a Cisco router vulnerability, though it later
withdrew the threat.
The router manufacturer has also attracted recent publicity over counterfeit versions of its products.
A presentation produced by the FBI (Federal Bureau of Investigation)
which was leaked on the internet in April said counterfeit Cisco
products had been sold to the US Navy, US Marine Corps, US Air Force
and the FBI itself. The FBI said in the presentation that it amounted
to "a critical infrastructure threat".
The leaked presentation
came just two months after the end of an FBI anti-counterfeiting
operation in which it seized $3.5m (£1.8m) worth of fake Cisco products
in China.