F-Secure: counterfeit Cisco routers may be harmless, but don’t use them anyway
Forged Cisco network equipment may be harmless, but still lacks proper security
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Counterfeit hardware has existed for ages, with network equipment relatively easy to forge, making fake routers and switches quite common.
Some devices are made just to sell, but others come with backdoors designed to undermine the security of various institutions and individuals. After inspecting a couple of fake yet harmless switches, security firm F-Secure has highlighted some particularly worrying examples using Cisco kit.
F-Secure was tasked by a customer with examining two counterfeit Cisco Catalyst 2960-X switches that failed after a software update, with the client wanting to find out whether these switches could have affected its security.
Both devices were physically and operationally similar to genuine products from Cisco. One of the researchers even suggested that the manufacturer spent a lot of time and money replicating Cisco’s original design or had access to proprietary blueprints. The forged switches were built to bypass authentication measures, but did not have any backdoors or posed other risks.
Insecure
The biggest problem with these routers was the fact that they failed after an update. Meanwhile, it is important for network equipment to be upgradeable as new security threats emerge pretty often and updates are meant to address them.
But counterfeit network gear may cause considerably more harm if it features backdoors or spreads malware, something that can completely undermine security of an organization and result in major financial losses.
“Security departments can’t afford to ignore hardware that’s been tampered with or modified, which is why they need to investigate any counterfeits that they’ve been tricked into using,” explained Andrea Barisani, head of hardware security at F-Secure Consulting.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“Without tearing down the hardware and examining it from the ground up, organizations can’t know if a modified device had a larger security impact. And depending on the case, the impact can be major enough to completely undermine security measures intended to protect an organization’s security, processes, infrastructure, etc.”
In general, F-Secure recommends the following:
ViaF-Secure
Anton Shilov is the News Editor at AnandTech, Inc. For more than four years, he has been writing for magazines and websites such as AnandTech, TechRadar, Tom’s Guide, Kit Guru, EE Times, Tech & Learning, EE Times Asia, Design & Reuse.
The real battle for generative AI in software
US government agency warns workers of possible Chinese cellphone hacks
I’ve covered Black Friday for eight years and these are the deals I’d buy from the early sales
