Cisco VPN passwords discoverable after NSA leak

Cisco Pix

Data recently released from claimed NSA sources and posted online by hackers has led to the discovery of more than one security issue in a widely used Cisco product.

This week researchers delving into a cache of information allegedly taken from NSA sources discovered that certain Cisco products are susceptible to having their VPN passwords revealed easily via outside access.

Hardware

Unlike a regular software VPN solution Cisco provide hardware products that include both VPN and firewall functionality often used by large corporations and governments around the world.

The exploit relates to a somewhat outdated device known as Cisco Pix.  The exploit known as “PixPocket” was revealed by security researcher Mustafa Al-Bassam who was one of the first to publish findings relating to the security hole.

By sending a packet of data to systems running Cisco Pix, Al-Bassam was able to confirm that via a dump of the memory of the device the master VPN password can be discovered and due to this hackers would then be able to snoop on the encrypted data passing over the network rendering the Cisco VPN system useless.

Al-Bassam was not alone as other security researchers also tested the exploit and confirmed the results published.

In an interview with Motherboard website Al-Bassam clarified that systems using a preshared key would be susceptible to the exploit allowing anyone to remotely access the VPN password.

While researchers discovered that preshared keys were easily accessible they also suggested that private keys could be recovered using a similar method although testing of the theory had not been conducted.

Obsolete

The Pix range of products by Cisco was only available until 2009 so it is unclear how many systems are still in use, however, another researcher, Kevin Beaumont following the case pointed out on twitter that one of the UK’s largest government IT contractors was still making use of the hardware leaving systems vulnerable to attack.

Cisco has been quick to answer critics stating that as technology advances so do the nature of attacks. From this it appears that Cisco is alluding to the fact that the hardware has not been on sale for over 7 years putting the onus on companies and organisations who have failed to update their systems.

Due to the latest revelations Cisco posted an updated blog on their website stating “Our investigation so far has not identified any new vulnerabilities in current products related to the exploit.” clarifying that they are in essence washing their hands of responsibility for obsolete technology.

While the revelations are bad for Cisco it is clear they are more a problem for companies and organisations who are not following best IT practice by keeping products and solutions up to date to mitigate against such exploits.

The exploits have been made possible by a released cache of tools from a group known as The Shadow Brokers that is claimed to have come from NSA sources.

While certain Cisco hardware is susceptible it is important to make clear that public VPN services such as those listed in our VPN Comparison Guide are not affected and only Cisco Pix hardware is at risk of being exploited in this manner.

Leave a Reply

Your email address will not be published. Required fields are marked *