Demonstration to illustrate malicious rootkit technique for Cisco IOS systems
BOSTON, MA - May 21, 2008 - Core Security Technologies, makers of CORE IMPACT, the most comprehensive product for enterprise security assurance testing, today announced that researcher Sebastian Muñiz will be presenting his latest work at the EUSecWest Conference in London on May 22, 2008 at 3pm GMT. Muñiz’ presentation, “Cisco IOS Rootkits,” will highlight a technique he developed through which Cisco routers running the vendor’s Internetwork Operating System (IOS) can be made vulnerable to generic rootkits.
Developed by Muñiz through the reverse engineering of a legitimate IOS upgrade file, the demonstration does not take advantage of any vulnerability (known or unknown) present in Cisco’s software. Instead, the presentation illustrates how someone who has access to IOS firmware files or administrative login credentials to an enterprise network’s routing or switching equipment could abuse privileges to plant a rootkit program into the device’s memory.
Cisco was informed of the presentation and its technical content by Core officials prior to the conference.
The primary goal of the exercise is to refute the notion that routers and other “closed” networking infrastructure devices are immune to rootkit attacks, which have plagued desktop operating systems for years. While IOS was addressed in this presentation, similar attacks could be carried out on other vendors’ networking gear using similar techniques, Muñiz pointed out.
“It’s long been held among some security experts that rootkits and other types of malicious programs could not be brought to bear on networking infrastructure in this way,” said Ivan Arce, chief technology officer at Core Security. “Routers and switches may be considered just networking ‘hardware,’ but this research proves that rootkits and other types of software threats are more than just theoretical exercises.”
More information on the EUSecWest conference can be found at http://eusecwest.com/.
About Core Security Technologies
Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their IT infrastructure. The company’s flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. IMPACT evaluates servers, desktop systems, end users and web applications by identifying what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com.