Thrangrycat can breach routers, switches, and firewalls

Intel has been in the news several times over the last 18 months due to serious security flaws that have been found in their chipsets, beginning with the dreaded Spectre and Meltdown flaws.  Now with MDS attacks, they're not the only ones. Recently, researchers have discovered serious flaws in Cisco products that would allow a determined hacker the ability to attack a wide range of devices.

These would be devices used by businesses and government agencies, including routers, switches, and firewalls. The new vulnerability is being tracked as CVE-2019-1649 and has been dubbed 'Thrangrycat' by researchers from Red Balloon Security, who first discovered it.

The research team had this to say about the vulnerability

"An attacker with root privileges on the device can modify the contents of the FPGA anchor bitstream, which is stored unprotected in flash memory.  Elements of this bitstream can be modified to disable critical functionality in the Trust Anchor module (Tam).

Successful modification of the bitstream is persistent, and the Trust Anchor will be disabled in subsequent boot sequences.  It is also possible to lock out any software updates to the Tam's bitstream."

Ominously, the research team added the following

"By chaining the Thrangrycat and remote command injection vulnerabilities, and an attacker can remotely and persistently bypass Cisco's secure boot mechanism and lock out all future software updates to the Tam.  Since the flaws reside within the hardware design, it is unlikely that any software security patch will fully resolve the fundamental security vulnerability."

Our perspective

Even so, we can expect Cisco to do something along those lines to at least blunt the risk, and they're no doubt already looking at the hardware architecture to find a solution going forward.  To this point, the company notes that they've not detected any attacks exploiting these vulnerabilities, but now that the research has been made public, that may change.

Meanwhile, check out this report

Free Executive Report: 10 Hidden IT Risks That Might Threaten Your Business

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. We specialize in managed IT support for smaller healthcare practices, financial services firms, and nonprofits in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations. As well as providing small business technology education programs through business and professional associations.

Contact me if you would like me to speak at your association.