Counterfeit hardware has existed for ages, with network equipment relatively easy to forge, making fake routers and switches quite common.
Some devices are made just to sell, but others come with backdoors designed to undermine the security of various institutions and individuals. After inspecting a couple of fake yet harmless switches, security firm F-Secure has highlighted some particularly worrying examples using Cisco kit.
F-Secure was tasked by a customer with examining two counterfeit Cisco Catalyst 2960-X switches that failed after a software update, with the client wanting to find out whether these switches could have affected its security.
- Best wireless routers: the best Wi-Fi for your home network
- Best Wi-Fi extenders: top devices for boosting your WiFi network
- Best mesh Wi-Fi routers: the best wireless mesh routers for large homes
Both devices were physically and operationally similar to genuine products from Cisco. One of the researchers even suggested that the manufacturer spent a lot of time and money replicating Cisco’s original design or had access to proprietary blueprints. The forged switches were built to bypass authentication measures, but did not have any backdoors or posed other risks.
The biggest problem with these routers was the fact that they failed after an update. Meanwhile, it is important for network equipment to be upgradeable as new security threats emerge pretty often and updates are meant to address them.
But counterfeit network gear may cause considerably more harm if it features backdoors or spreads malware, something that can completely undermine security of an organization and result in major financial losses.
“Security departments can’t afford to ignore hardware that’s been tampered with or modified, which is why they need to investigate any counterfeits that they’ve been tricked into using,” explained Andrea Barisani, head of hardware security at F-Secure Consulting.
“Without tearing down the hardware and examining it from the ground up, organizations can’t know if a modified device had a larger security impact. And depending on the case, the impact can be major enough to completely undermine security measures intended to protect an organization’s security, processes, infrastructure, etc.”
In general, F-Secure recommends the following:
- Introduce policies that control procurement processes.
- Procure all components from authorized resellers.
- Ensure that all devices run the latest available software.
- Pay attention to physical differences between different units of the same devioce even if they seem negligible.