Cisco has issued a high-level security advisory about a “Secure Boot Hardware Tampering Vulnerability.” This advisory affects almost all Cisco products since 2013 that support the Trust Anchor module (TAm).
Researchers have found ways to bypass the entire process of secure booting that the hardware was designed to support.
The researchers, Red Balloon Security, made a disclosure along with Cisco on the same subject.
They disclosed that "an attacker [could] fully bypass Cisco's Trust Anchor module (TAm) via Field Programmable Gate Array (FPGA) bitstream manipulation." Of course, the attacker must have root to be able to do such manipulation.
They found a way to get that, too. They also found a second vulnerability that is a remote command injection vulnerability against Cisco IOS XE version 16 and will allow remote code execution as root.
Well, you chain one to the other and there you have bypass of TAm.
Along with that, Red Balloon says that an "attacker can remotely and persistently bypass Cisco's secure boot mechanism and lock out all future software updates to the TAm."
But the problem's root may not be due to the software code. The researchers are fairly straightforward as to where they put the blame for the problem.
While everyone is waiting for Cisco to patch, they say the cause of the vulnerability "is fundamentally a hardware design flaw, we believe it will be very difficult, if not impossible to fully resolve this vulnerability via a software patch."
They continued that, "While the flaws are based in hardware, [the vulnerability] can be exploited remotely without any need for physical access. Since the flaws reside within the hardware design, it is unlikely that any software security patch will fully resolve the fundamental security vulnerability."
So, the researchers don't think software mitigation in any form will be effective to resolve this.
There are a huge amount of vulnerable devices, since the TAm was used extensively by Cisco in enterprise routers, switches and firewalls. The length of the affected list on the advisory was eye-popping.
Cisco acknowledges in their advisory that there are no workarounds available at this time.
Yet even the researchers know this problem has not been used in the wild. "We are unaware of any use of this exploit in the wild, but the potential danger is severe," they say.
Just how practical an attack that utilizes manipulation of the FPGA as an attack vector remains to be seen. There will be much more information about that aspect going forward. But if the attack works, it works big.
Cisco's efforts to mitigate can't be ignored as well, even if they are not as successful as might be hoped. Cisco will be highly motivated here, to be sure.
— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.