Cisco Announces Hardware Vulnerabilities
Compromised software isn't the only thing that can put a company at risk. Cisco, a popular networking equipment manufacturer, recently announced that more than 300 models of their switches could potentially be vulnerable to hacking attempts. The information was based on documents shared by WikiLeaks that purportedly came from the CIA.
Ryan Whitwam of ExtremeTech explained that individual users' devices are not at risk. The Cisco switches involved are all enterprise-level hardware, each one costing thousands of dollars. The security flaw involves the Telnet protocol used by the switches and can potentially give hackers full control of the switch and all the network traffic that goes through it. At this time, there is no procedure in place to patch the firmware vulnerability, but there are steps that a business can take to help prevent attacks. Experts are hoping that WikiLeaks will release more specific details to help companies resolve the problem. Cisco is working on a patch, but has been unable to provide an anticipated delivery date.
Supporting Web Links
- A simple command allows the CIA to commandeer 318 models of Cisco switches
- WikiLeaks Won’t Tell Tech Companies How to Patch CIA Zero-Days Until Its Demands Are Met
- Video: Congress addresses cyberwar on small business: 14 million hacked over last 12 months
- Yee-hacked! Fired Texan sysadmin goes rogue, trashes boot business
- 40% of industrial computers were hacked in 2016, here are 5 ways to protect your business
- Most companies wide open to “cataclysmic” hack, especially after M&A
- Intel Offers Up to $30,000 for Hardware Vulnerabilities
- The Nintendo Switch Can Be Hacked Via Known Webkit Vulnerability
- Hundreds of Cisco switches vulnerable to flaw found in WikiLeaks files
- Discuss the latest round of documents released by WikiLeaks with the class and ask the class to consider the impact this information has on the companies involved.
- Divide the class into several small groups and ask them to research an example of a company that has been affected by compromised hardware. At a minimum, each group should consider the following topics. How did it happen? What steps might the company have taken to prevent the problem or minimize the damage? How did the vulnerability affect the company’s customers or stockholders? What impact did it have on the company? Each group should create a presentation to share their findings with the class.
- As an individual project, ask students to further research the vulnerability found in Cisco switches. How do switches work and how does this vulnerability affect them? Students may write a brief report or create a presentation for the class.