Internet-connected devices aren’t having a great week so far. After reports detailed vulnerabilities in Android and iPhone this week, a new security report says that Cisco might have a severe malware problem with some of its routers.
Security firm FireEye has discovered a malicious backdoor program called SYNful Knock that could let hackers use Cisco’s routers to deploy attacks on a broad scale.
The implant is the same size as the Cisco router image, and it’s loaded each time the router is restarted. The program supports up to 100 modules that can be tailored to the attacker’s needs.
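Because the implant reportedly matches the size of the legitimate image, a size comparison alone cannot detect it; only a content hash compared against a trusted baseline can. The following is an added illustration, not code from the article or from FireEye, using constructed sample bytes in place of real IOS images, of why a defender's integrity check must compare hashes rather than file sizes:

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class ImageCheck:
    """Result of comparing a stored firmware image against a trusted baseline."""
    size_ok: bool
    hash_ok: bool

    @property
    def verdict(self) -> str:
        if self.size_ok and self.hash_ok:
            return "clean"
        if self.size_ok and not self.hash_ok:
            # Same size, different content: exactly the case a size check misses.
            return "same-size mismatch: possible modified image"
        return "size mismatch: wrong or corrupt image"


def sha512_hex(data: bytes) -> str:
    """Hex SHA-512 digest of an image blob (the baseline value you would record)."""
    return hashlib.sha512(data).hexdigest()


def check_image(image: bytes, expected_size: int, expected_sha512: str) -> ImageCheck:
    """Compare an image against the trusted size and hash recorded for it."""
    size_ok = len(image) == expected_size
    # Constant-time comparison so the check itself leaks nothing about the digest.
    hash_ok = hmac.compare_digest(sha512_hex(image), expected_sha512)
    return ImageCheck(size_ok=size_ok, hash_ok=hash_ok)


# Constructed sample data (not real firmware): a "vendor" image and a
# modified copy that keeps the identical length but differs in content.
GENUINE = b"IOS-IMAGE-SAMPLE" * 64            # 1024 bytes
TAMPERED = GENUINE[:-8] + b"BACKDOOR"          # still 1024 bytes

# The trusted baseline would normally come from the vendor's published hash.
BASELINE_SIZE = len(GENUINE)
BASELINE_SHA512 = sha512_hex(GENUINE)


if __name__ == "__main__":
    for name, blob in (("genuine", GENUINE), ("tampered", TAMPERED)):
        result = check_image(blob, BASELINE_SIZE, BASELINE_SHA512)
        print(f"{name}: size_ok={result.size_ok} hash_ok={result.hash_ok} -> {result.verdict}")
```

On a real device the equivalent check is to compare the hash the router reports for its running image (Cisco IOS exposes this through `verify /md5`) against the hash the vendor publishes for that release, and to alert on any same-size mismatch rather than treating a matching size as proof of integrity.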
So far, 79 devices in 19 countries have been identified, Ars Technica reports, including devices in the USA, Canada, the U.K., Germany, and China. Other affected countries include India, Mexico, the Philippines and Ukraine, where the program was first found.
It’s not clear at this time who’s behind the malicious program, but it’s believed to be state-sponsored. It’s also not clear what the backdoors are used for, but many spying scenarios come to mind, as the backdoor would let hackers access certain networks from a distance, often without leaving any traces of what’s happening.
“What is clear now is the SYNful Knock is a professionally developed and fully featured backdoor device that almost certainly is actively infecting many more devices than previously seen by FireEye,” Ars writes. “It’s plausible some of the devices the scientists witnessed were honeypots, that is, routers intentionally infected by whitehat researchers who are looking for clues about who’s behind the attacks and how they operate. Still, it seems unlikely that all 79 of the devices are decoys.”
Researchers say that hackers might be exploiting routers that have weak passwords rather than vulnerabilities in these devices.
Cisco recently made headlines as it announced a massive partnership with Apple, and these adverse security reports will probably not sit well with either company, especially given Apple’s great concern about user privacy.
More details about this Cisco security vulnerability are available at the source links.