The Cisco 1001-X series router doesn't look much like the one you have in your home. It's bigger and much more expensive, responsible for reliable connectivity at stock exchanges, corporate offices, your local mall, and so on. The devices play a pivotal role at institutions, in other words, including some that deal with hypersensitive information. Now, researchers are disclosing a remote attack that would potentially allow a hacker to take over any 1001-X router, and compromise all the data and commands that flow through it.
And it only gets worse from there.
To compromise the routers, researchers from the security firm Red Balloon exploited two vulnerabilities. The first is a bug in Cisco’s IOS operating system—not to be confused with Apple's iOS—which would allow a hacker to remotely obtain root access to the devices. This is a bad vulnerability, but not unusual, especially for routers. It can also be fixed relatively easily through a software patch.
The second vulnerability, though, is much more sinister. Once the researchers gain root access, they can bypass the router's most fundamental security protection. Known as the Trust Anchor, this Cisco security feature has been implemented in almost all of the company’s enterprise devices since 2013. The fact that the researchers have demonstrated a way to bypass it in one device indicates that it may be possible, with device-specific modifications, to defeat the Trust Anchor on hundreds of millions of Cisco units around the world. That includes everything from enterprise routers to network switches to firewalls.
In practice, this means an attacker could use these techniques to fully compromise the networks ..