Cisco Subnet An independent Cisco community

Cisco backdoor still open

IBM researcher at Black Hat says opening for Feds exposes us

The "backdoors" that Cisco and other networking companies implement in their routers and switches for lawful intercept are front and center again at this week's Black Hat security conference. A few years ago, they were a cause célèbre in some VoIP wiretapping arguments and court rulings.

This time, an IBM researcher told Black Hat conference attendees that these openings can still expose information about us to hackers and allow them to "watch" our Internet activity. Backdoors are implemented in routers and switches so law enforcement officials can track the Internet communications and activity of an individual or individuals under surveillance. They are required by law to be incorporated in devices manufactured by networking companies and sold to ISPs.

In this report from Forbes, IBM Internet Security Systems researcher Tom Cross demonstrated how easily the backdoor in Cisco IOS can be exploited by hackers. When they gain access to a Cisco router, they are not blocked after multiple failed access attempts, nor is an alert sent to an administrator. Any data collected through the backdoor can be sent anywhere, not merely to an authorized user, Forbes reports.

What's more, an ISP is not able to keep an audit trail of whoever tried to gain access to a router through the backdoor. That nuance was intended to keep ISP employees from detecting the intercept and inadvertently tipping off the individual under surveillance. But according to IBM's Cross, any authorized employee can use it for unauthorized surveillance of users, and those privacy violations cannot be tracked by the ISP.

Cisco said it is aware of Cross's assertions and is taking them under consideration. To Cisco's credit, it is the only networking company that makes its lawful intercept architecture public, according to the recommendations of the IETF, the Forbes story states. Other companies do not, which means they may be susceptible to the same security flaws, or worse.
