Activists have long grumbled about the privacy implications of the legal "backdoors" that networking companies like Cisco build into their equipment--functions that let law enforcement quietly track the Internet activities of criminal suspects. Now an IBM researcher has revealed a more serious problem with those backdoors: They don't have particularly strong locks, and consumers are at risk.
In a presentation at the Black Hat security conference Wednesday, IBM Internet Security Systems researcher Tom Cross unveiled research on how easily the "lawful intercept" function in Cisco's IOS operating system can be exploited by cybercriminals or cyberspies to pull data out of the routers belonging to an Internet service provider (ISP) and watch innocent victims' online behavior.
"We need to balance privacy interests with the state's interest in monitoring suspected criminals," says Cross. "There's long been a political debate about where that balance should be. But there are also these serious underlying technical problems."
Cross revealed a collection of security weaknesses in Cisco's architecture that he says add up to a lawful intercept system that's woefully easy to hijack. When hackers try to gain access to a Cisco router, the system doesn't block them after failed access attempts and it doesn't alert an administrator. Many Cisco routers are still vulnerable, he said, to a bug that was publicized in June 2008, despite Cisco releasing a patch. And once data has been collected using the lawful intercept, it can be sent to any destination, not merely to an authorized user.
"Each [bug] isn't a big deal, but when you add them all together the situation is fairly bleak," Cross told the Black Hat audience.
In an interview, Cross expressed the most concern over an ISP's inability to audit whether someone had used the function. That invisibility, he said, was intended to hide the technique from ISP employees who might detect the intercept and alert the suspect under surveillance.
SOURCE: FORBES