NSA snooped on encrypted Internet traffic for a decade

Post by Pigeon » Fri Aug 19, 2016 11:21 pm

In a revelation that shows how the National Security Agency was able to systematically spy on many Cisco Systems customers for the better part of a decade, researchers have uncovered an attack that remotely extracts decryption keys from the company's now-decommissioned line of PIX firewalls.

The discovery is significant because the attack code, dubbed BenignCertain, worked on PIX versions Cisco released in 2002 and supported through 2009. Even after Cisco stopped providing PIX bug fixes in July 2009, the company continued offering limited service and support for the product for an additional four years. Unless PIX customers took special precautions, virtually all of them were vulnerable to attacks that surreptitiously eavesdropped on their VPN traffic. Beyond allowing attackers to snoop on encrypted VPN traffic using an active man-in-the-middle attack, the key extraction also makes it possible to gain full access to a vulnerable network by posing as a remote user.

BenignCertain's capabilities were tentatively revealed in this blog post from Thursday, and they were later confirmed to work on real-world PIX installations by three separate researchers. Before the confirmation came, Ars asked Cisco to investigate the exploit. The company declined, citing this policy for so-called end-of-life products.

Interestingly, Cisco's Adaptive Security Appliance, the firewall that replaced PIX, contained a similarly critical Internet Key Exchange vulnerability that was fixed three months ago. What's more, during the time the PIX vulnerability was active, firewalls from almost a dozen other providers were similarly vulnerable. While BenignCertain worked only against PIX, it's possible that still-undiscovered exploits were developed for other products.

"it's possible that still-undiscovered exploits were developed for other products."

Doubt level for that is approaching zero.
