Elkins programmed his tiny stowaway chip to carry out an attack as soon as the firewall boots up in a target's data center. It impersonates a security administrator accessing the configurations of the firewall by connecting his or her computer directly to that port. Then the chip triggers the firewall's password recovery feature, creating a new admin account and gaining access to the firewall's settings. Elkins says he used Cisco's ASA 5505 firewall in his experiment because it was the cheapest one he found on eBay, but he says that any Cisco firewall that offers that sort of recovery in the case of a lost password should work. "We are committed to transparency and are investigating the researcher’s findings," Cisco said in a statement. "If new information is found that our customers need to be aware of, we will communicate it via our normal channels."
Once the malicious chip has access to those settings, Elkins says, his attack can change the firewall's settings to offer the hacker remote access to the device, disable its security features, and give the hacker access to the device's log of all the connections it sees, none of which would alert an administrator. "I can basically change the firewall's configuration to make it do whatever I want it to do," Elkins says. Elkins says with a bit more reverse engineering work, it would also be possible to reprogram the firmware of the firewall to make it into a more full-featured foothold for spying on the victim's network, though he didn't go that far in his proof-of-concept.
A Speck of Dust
Elkins' work follows another, earlier attempt to reproduce far more exactly the sort of hardware hack Bloomberg described in its supply chain hijacking scenario. As part of his re ..
Support the originator by clicking the read the rest link below.
