Black Hat: Cisco to Face Scrutiny Again

Cisco Systems’ products will again come under scrutiny again at this year’s Black Hat USA 2006 conference, which kicks off later this month in Las Vegas.

Conference organizers say that 15 new exploits will be discussed at this year’s event and that two of them target network admission control (NAC) and voice-over-IP vulnerabilities that affect products from a number of vendors, including Cisco.

Security researchers, no longer as focused on digging up bugs in core Windows components, are looking for green fields, said Black Hat Director Jeff Moss.

Last year, Cisco sued Black Hat conference organizers after security researcher Michael Lynn demonstrated a method for running unauthorized code on a Cisco router. It was a difficult technical achievement that had been considered impossible by some, but Cisco saw it to be a dangerous disclosure of information that could be used to harm the Internet’s infrastructure.

Black Hat and Cisco settled the lawsuit after conference organizers promised not to disseminate information on Lynn’s research. Lynn is not listed among this year’s presenters.

However, it is unlikely that Cisco will be suing the conference this year, given that neither of the exploits targets Cisco specifically. Instead they relate to underlying technologies that are used by a large number of products including Cisco’s NAC and VoIP products.

One researcher, Ofir Arkin, the chief technology officer of Insightix, will be speaking about NAC technologies “and ways to bypass them,” he said in an e-mail interview. Information on Arkin’s presentation can be found here.

A second presentation, given by researchers at 3Com and SecureLogix, will examine the Session Initiation Protocol (SIP) used by VoIP systems. “In it, we describe and demonstrate many real-world VoIP exploitation scenarios against SIP-based systems (Cisco, Avaya, Asterisk, etc.),” the presenters wrote in a description of their talk. This description can be found here.

Researchers will disclose three exploits that take advantage of bugs in the Linux-based Asterisk private branch exchange telephony software, conference organizers said. And as previously reported, wireless security researchers David Maynor and Jon Ellch plan to show a way of running unauthorized software on a laptop computer by manipulating buggy code in the system’s wireless device driver.

Products from perennial favorites Microsoft and Oracle will also be discussed, with three Oracle exploits and four Microsoft exploits being disclosed, Black Hat said. There will also be discussion of two Linux exploits and one relating to Xerox’s products.

Researchers will also demonstrate 25 new hacking tools at the show, which will also be noteworthy for its degree of friendly cooperation with technology vendors. Cisco itself is a platinum sponsor at the show, and Microsoft employees will be speaking at a track devoted entirely to the company’s upcoming Windows Vista operating system.

Black Hat’s Moss credits Lynn with inspiring new research work in the area of embedded devices, which will be one of the hottest areas of research at this year’s conference. By showing how Cisco’s routers could be hacked and made to run unauthorized code just like a PC, Lynn helped change the way researchers think about many of these devices. “Once he did that, it really opened people’s eyes,” Moss said. “The amount of people who are now beating up on embedded devices has changed. Now the floodgates are opened.”

-Robert McMillan, IDG News Service (San Francisco Bureau)

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.