New features can open up Cisco IOS to hackers

Presenter at Black Hat conference says VoIP, Web services extensions are attackable

New features embedded in Cisco IOS like VoIP and Web services -- which could be enabled by default -- can present an opportunity for hackers, according to this story in A security researcher at this week's Black Hat conference in Las Vegas delivered a presentation in which he outlined ways hackers can infiltrate Cisco routers through these new IOS features.

The speaker, Felix Lindner, said new deployments of IPv6 and VoIP open up new attack vectors in routers, according to the report:

IPv6 is considered a security threat due to the many net tunnels used to connect to IPv6. The issue is being addressed, but any new technology poses increased risks, Lindner said.

Something for customers to think about as they invest in new infrastructure to support new services. Cisco this week already issued a patch to fix multiple flaws in its WLAN controllers; and issued a warning to its unified communications customers about a risk in Microsoft's Internet Explorer.

More from Cisco Subnet:  Win training and books from Cisco SubnetCisco Alert newsletter. Like RSS readers? Subscribe to the Cisco Subnet RSS feed

Like e-mail? Subscribe to the

Follow Cisco Subnet on Twitter.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)