how-to block ads
ISP Routers Have Backdoors That Expose User Data
quote:It's astonishing to me that this is how the whole surveillance thing works. Now, I knew it was codified in law (CALEA) that ISP's had to provide the government ways of monitoring users, but I didn't know that the router manufacturers put untraceable backdoors in their products -- backdoors that can also be used by any ISP insider or any remote blackhat to spy on any customer. The disconcerting thing is that this spying is untraceable -- that is, there is no logging done. And, according to the IBM researcher, it is very easy to exploit.
Cisco backdoor still open
IBM researcher at Black Hat says opening for Feds exposes us
By Cisco Subnet on Wed, 02/03/10 - 5:33pm.
The "backdoors" that Cisco and other networking companies implement in their routers and switches for lawful intercept are front and center again at this week's Black Hat security conference. A few years ago, they were cause celebre in some VoIP wiretapping arguments and court rulings.
This time, an IBM researcher told Black Hat conference attendees that these openings can still expose information about us to hackers and allow them to "watch" our Internet activity. Backdoors are implemented in routers and switches so law enforcement officials can track the Internet communications and activity of an individual or individuals under surveillance. They are required by law to be incorporated in devices manufactured by networking companies and sold to ISPs.
In this report from Forbes, IBM Internet Security Systems researcher Tom Cross demonstrated how easily the backdoor in Cisco IOS can be exploited by hackers. When they gain access to a Cisco router, they are not blocked after multiple failed access attempts nor is an alert sent to an administrator. Any data collected through the backdoor can be sent to anywhere -- not just merely to an authorized user, Forbes reports.
What's more, an ISP is not able to perform an audit trail on whoever tried to gain access to a router through the backdoor - that nuance was intended to keep ISP employees from detecting the intercept and inadvertently tipping off the individual under surveillance. But according to IBM's Cross, any authorized employee can use it for unauthorized surveillance of users and those privacy violations cannot be tracked by the ISP.
Cisco said it is aware of Cross's assertions and is taking them under consideration. To Cisco's credit, it is the only networking company that makes its lawful intercept architecture public, according to the recommendations of the IETF, the Forbes story states. Other companies do not, which means they may be susceptible to the same security flaws, or worse.
Now, is there anyone here who still thinks the use of encryption is "paranoia?" Everyone should be using PGP/GPG for e-mail and OTR for instant messaging. Sadly most websites still don't use SSL/TLS but hopefully that will change. IPv6 has mandatory IPsec, but it's still years away from becoming common. In the meantime all we can do on the HTTP front is to use VPN's, whether public or private.
(I apologize if this story was posted already, but I wasn't able to go back far enough to check).
Linux and BSD: operating systems the way they were meant to be -- secure, fast, free, and open.
Once a packet leaves your LAN, it is on wires that you do not control. Best practice is to assume that the content of all of your packets can be seen (after they leave your LAN).
Where you need privacy, use encryption.
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.0; firefox 3.0.17
BlackbirdBuilt for SpeedPremiumReviews:
Fort Wayne, IN
|reply to KodiacZiller |
It's a simple principle, but it's often overlooked: privacy is the user's responsibility. If it absolutely must remain private because of consequences to the user's interests were it disclosed, he must act to protect it according to its 'value'. That means he must evaluate the paths the information will travel from his fingertips to the final destination, the eyes that could see it in-transit, the efforts that might be expended to compromise its privacy... and make his protection choices accordingly. Usually, for most users, this involves some degree of trust in "experts" and/or "expert tools" - else users must competently educate themselves in all the details involved so they can equip themselves to act accordingly. But simply, blindly trusting in "the computer," "the ISP," or "the Internet" for assurance of meaningful privacy protection is to do neither. Moreover, the privacy challenge doesn't just end there.
A more subtle issue of equal import, rearing its head more and more, is the impact upon a user's privacy in the handling of his information once it arrives at its intended destination. There are many ways that privacy can be destroyed or undermined at the recipient's end, most of them directly uncontrollable by the original user/sender. This is where further user "trust" comes in... trust in the recipient's sense and follow-through of careful responsibility in handling other-people's data. Unfortunately, too often, that user trust is misplaced. A simple reality is that, under current law and practice, the consequences of lost privacy impact the original user/sender far more directly and negatively than it impacts the person receiving (and allowing the mishandling of) the private information. A client having had his private ID details compromised is usually far more devastated than the institution involved in losing the records' privacy to intrusion. Inevitably, this breaking of connection between cause and magnitude of consequence leads to inadequacies in privacy preservation by recipients regarding other-people's sent data. Hence the growing epidemic of compromised (or lost) files, records, tapes, etc. containing private client records at data-handling sites.
Successfully using encryption requires both sound encrypting techniques and the cooperation of competent folks at both ends of the pipe. But it further requires that the arrived information receive ongoing, ironclad privacy protection as if it were the recipient's own valued private information whose compromise would impact him as severely as it might impact the original sender. Just getting the other party to respond properly and enthusiastically to solid encryption methodology can be challenging enough... maintaining assurance of their ongoing care over the information can be well-nigh impossible.
The real point is that a whole chain of secure elements are required for privacy over a network, from the user's computer to the final receiving computer on through the access/retention policies of the recipient. If the user/sender and the recipient are employing sound encryption on clean computers, a "backdoor tap" in a router or switch represents only limited threat to meaningful privacy/security. A far more serious issue, IMHO, is whether the recipient employs secure data access/handling/retention methodologies. Because he's all-too-often shielded from the most serious consequences of that data being compromised, his methodologies may not be as air-tight as the privacy assumptions (the "trust") being made by the user/sender. That leads to trust misplaced. And misplaced trust often leads to disaster.
"Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God!" -- P.Henry, 1775
said by Blackbird:Yes, I have found this to be true for myself. Trying to convince my more non-technically inclined associates to utilize public key cryptography has proven to be a challenge. Most of them don't understand the need for it, that is, they think their data is already private. And those that do understand don't think they have "anything to hide." This is certainly true in a legal sense (none do anything illegal) but I must tell them that they wouldn't feel the same way if they knew people could easily listen in on their phone calls. Sadly, in the case of phones there isn't much that can be done on the user's end to increase privacy. With Internet communication it is fairly easy to do and everyone should be doing it.
Just getting the other party to respond properly and enthusiastically to solid encryption methodology can be challenging enough... maintaining assurance of their ongoing care over the information can be well-nigh impossible.
The real point is that a whole chain of secure elements are required for privacy over a network, from the user's computer to the final receiving computer on through the access/retention policies of the recipient. If the user/sender and the recipient are employing sound encryption on clean computers, a "backdoor tap" in a router or switch represents only limited threat to meaningful privacy/security. A far more serious issue, IMHO, is whether the recipient employs secure data access/handling/retention methodologies. Because he's all-too-often shielded from the most serious consequences of that data being compromised, his methodologies may not be as air-tight as the privacy assumptions (the "trust") being made by the user/sender. That leads to trust misplaced. And misplaced trust often leads to disaster.Yeah, the real challenge is preventing impostors or MITM attacks. This is easy to thwart with key signing parties, etc. Other than that, it is only a matter of making sure any decrypted message (that might be sensitive) is discarded properly after viewing. This is where perfect forward secrecy can come in handy, though it really allows for plausible deniability, not in stopping adversaries from reading carelessly stored decrypted messages. Gnupg, I believe, does have a built-in "Mission Impossible" style "self-destruct" setting, but I am not sure how effective it is.
Linux and BSD: operating systems the way they were meant to be -- secure, fast, free, and open.