Red Balloon Security Discovers Critical Vulnerability in Millions of Cisco Switches, Routers, and Firewalls

13 May 2019

NEW YORK--(BUSINESS WIRE)--Red Balloon Security, a leading embedded device security firm, has discovered a high-risk vulnerability in Cisco’s secure boot process which impacts a wide range of Cisco products in use among enterprise and government networks, including routers, switches and firewalls.

The vulnerability, codenamed “Thrangrycat,” is caused by a series of hardware design flaws within Cisco’s Trust Anchor module. First commercially introduced in 2013, the Cisco Trust Anchor module (TAm) is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices. The Thrangrycat vulnerability allows an attacker to make persistent modifications to the Trust Anchor module via remote exploitation, thereby defeating the secure boot process and invalidating Cisco’s chain of trust at its root. While the flaws are based in hardware, Thrangrycat can be exploited remotely without any need for physical access. Since the Thrangrycat flaws reside within the hardware design, it is unlikely that any software security patch will fully resolve the fundamental security vulnerability.

“This is a significant security weakness which potentially exposes a large number of corporate, government and even military networks to remote attacks,” said Dr. Ang Cui, founder and chief scientist of Red Balloon Security. “We're talking about tens of millions of devices potentially affected by this vulnerability, many of them located inside of sensitive networks. These Cisco products form the backbone of secure communications for these organizations, and yet we can exploit them to permanently own their networks. Fixing this problem isn't easy, because to truly remediate it requires a physical replacement of the chip at the heart of the Trust Anchor system. A firmware patch will help to offset the risks, but it won't completely eliminate them. This is the real danger, and it will be difficult for companies, financial institutions and government agencies to properly address this problem.”

Thrangrycat is remotely exploitable and provides attackers with a reliable backdoor into highly secure networks, allowing them to bypass even rigorous cybersecurity defenses in order to gain full and persistent access inside the network. An attacker could remotely exploit this vulnerability to intercept communications, steal or manipulate data, install stealthy implants and carry out further attacks on other connected devices. Red Balloon Security researchers have demonstrated physical destruction of Cisco routers by leveraging Thrangrycat via remote exploitation.

Red Balloon Security has been working closely with Cisco’s Product Security Incident Response Team (PSIRT) to address this vulnerability, and commends PSIRT for its fast and diligent response.

For more technical details about Thrangrycat, visit www.thrangrycat.com.

About Red Balloon Security

Founded in 2011, Red Balloon Security (www.redballoonsecurity.com) is a leading cybersecurity provider and research firm that specializes in the protection of all embedded devices regardless of industry. The New York City-based company secures embedded systems with a suite of host-based firmware security solutions that continuously monitor critical elements of firmware and report indications of attempted intrusions throughout runtime.