Some photos recently surfaced on social media, showing a tiny PCB tapped into 4 points on Cisco-branded boards. What is this about? An NSA backdoor so data can be exfiltrated to some third party? Well, that's theoretically possible, but it's actually used for bypassing hardware authenticity checks in Cisco hardware being cloned, a sizable industry. Of course, "can't believe it's not Cisco" hardware is only useful insofar as it's able to run the Cisco software, and that's where the bodge boards play a big role.
A 2020 report by F-Secure details an investigation comparing three switches marked as Cisco 2960X: one known genuine and two known counterfeits. The counterfeits had the aforementioned implants either soldered to the bottom of the PCB or added to the board as a separate part, and the paper goes into why they're necessary for successful counterfeiting.
Apparently, these chips emulate or bypass an I2C EEPROM containing part of the code executed during the boot sequence, and Cisco depends on this EEPROM's contents for authenticity verification. Cisco software reads the EEPROM twice: once for verification, and once again for actually running it. The microcontroller included on the mod board can return a genuine binary with a valid signature on the first read, and a binary with hardware checks patched out for subsequent reads.
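The double-read weakness described above is a classic time-of-check to time-of-use problem, and the fix is to verify exactly the bytes you go on to execute. The following is an added illustration written for this post, not code from the F-Secure report or from Cisco: the EEPROM model, the image contents and the HMAC stand-in for Cisco's signature scheme are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed stand-ins (assumptions, not the real mechanism): an HMAC-SHA256 tag
# plays the role of the signature, and the "images" are short labelled byte strings.
VERIFY_KEY = b"stand-in-verification-key"
GENUINE_IMAGE = b"boot-stage: hardware_authenticity_check=ENABLED"
PATCHED_IMAGE = b"boot-stage: hardware_authenticity_check=BYPASSED"


def sign(image: bytes) -> bytes:
    return hmac.new(VERIFY_KEY, image, hashlib.sha256).digest()


def verify(image: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(image), sig)


class SwitchingEEPROM:
    """Models the read-switching behaviour described in the text: the first
    `genuine_reads` reads return the genuine image, later reads return a
    patched image, both accompanied by the (unchanged) genuine signature."""

    def __init__(self, genuine_reads: int = 1):
        self.reads = 0
        self.genuine_reads = genuine_reads
        self.sig = sign(GENUINE_IMAGE)

    def read(self):
        self.reads += 1
        image = GENUINE_IMAGE if self.reads <= self.genuine_reads else PATCHED_IMAGE
        return image, self.sig


def naive_boot(eeprom):
    """Reads twice: once to verify, once to run. The second read may differ."""
    image, sig = eeprom.read()
    if not verify(image, sig):
        return None
    image, _ = eeprom.read()  # re-read for execution: this is the window the implant uses
    return image


def hardened_boot(eeprom):
    """Reads once, verifies the in-RAM copy, and runs only those verified bytes."""
    image, sig = eeprom.read()
    if not verify(image, sig):
        return None
    return image
```

With a device that switches after the first read, `naive_boot` hands the patched image to the next stage while `hardened_boot` runs the genuine one; a device that serves the patched image from the start fails verification in both.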
The paper will tell you about way more than this; it's long but fascinating. As you'd expect, it devotes quite a bit of time to comparing genuine and counterfeit boards, showing that the cloning process is fairly to-the-T, save for some component substitutions. For instance, check out PDF page 12 to see how via areas are exactly copied between PCBs in a bizarre way, or the Cisco file format and authenticity check analysis closer to the end of the report. All in all, the 38 pages of the document make for a fun foray into what makes Cisco authentication mechanisms tick, and what helps clone hardware makers bypass them.
Are such chips ever used for adding backdoors and data exfiltration? There is no evidence of that, as much as it's not to be excluded: bypassing anti-cloning protections would no doubt make other hijinks more viable. That said, only hardware authentication bypass measures have been found so far. This method also breaks across software updates, and overall leaves some to be desired when it comes to its stated functionality. Still, such fun insights can help us, say, enforce right-to-repair, enable hardware reuse, and thwart various predatory business practices in areas where laws fail us.