In a recent disclosure that demonstrates how the National Security Agency was able to methodically spy on many Cisco Systems consumers for almost a decade, investigators have exposed an attack that remotely obtains decryption keys from Cisco’s now-decommissioned line of PIX firewalls.
More so, private browsing isn’t safe either. Forget about security when downloading torrents. Here is a solution though, make sure you check it out; best vpn for torrenting
This is quite a major finding because the attack code, BenignCertain, affected the PIX versions Cisco released in 2002 and was provided support till 2009. Cisco eventually stopped providing bug fixes for PIX in July 2009, yet they kept on offering some services and support for the product for four more years. Almost all of the PIX customers were exposed to attacks that secretly kept tabs on their VPN traffic, except for a few who had already taken protective measures. Apart from giving attackers the access to encrypted VPN traffic, the key extraction also enables them to obtain full control over an exposed network using the pretense of a remote user.
Later in a blog post, BenignCertain’s capabilities were cautiously released, and were later communicated to the public on real-world PIX installations by three different researchers. Before the confirmation was released, Ars requested Cisco to inspect the breach. The company refused, quoting their policy for products at the end of their life cycle. This exploit also aids in the comprehension of papers revealed by the NSA contractor, Edward Snowden and stated in a 2014 Der Spiegel article, which specified that the NSA had the means and capability of decrypting over 1,000 VPN connections in an hour.
This disclosure is majorly alarming because results from the Shodan search engine indicate that over 15,000 networks all over the world continue to use PIX, with the US, the Russian Federation, and Australia being the affected countries on top of the list. A recent revelation of BenignCertain and many other NSA-connected attack tools means that comparatively less skilled hackers can also perform the same complex attacks. A study of the exploit binary indicates that the PIX versions targeted by BenignCertain were 5.3(9) through 6.3(4). The investigators, however, were also able to find a workaround using the same key-extraction technique for version 6.3(5).
Representatives from Cisco refrained from commenting on the leak, always citing their already mentioned policy on end-of-life products. However, later they updated one of their previously written blog posts to convey that their product security incident response team had agreed to inspect BenignCertain finally. The team revealed that Adaptive Security Appliance, its current supported firewall was not exposed, yet PIX versions 6.x and earlier were affected and also confirmed that PIX versions 7.0 and later remain unaffected.
Fascinatingly, Cisco’s new firewall, Adaptive Security Appliance, that replaced PIX, also contained the same grave Internet Key Exchange susceptibility but this was later fixed about three months ago. Even more so, all this time that the PIX was vulnerable to attacks, many firewalls from more than a dozen other providers were facing similar loopholes. Though BenignCertain has only been detected to work against PIX, it is highly possible that there are yet some unidentified exploits developed for other products.
About the author:
Nuur Hasan is a software developer and a political activist, he intends to dedicate his life to the becoming the voice of the voiceless.