Case Studies

Counterfeit switches

by Mark Rowe

The August 2020 print edition of Professional Security will feature counterfeits, and the work against knock-offs and fake goods that infringe intellectual property (IP). Typically we are talking about consumer goods – t-shirts, pirated films and pop music, perfume and cosmetics, cheap toothpaste, pills and spirits.

The Finnish cyber security firm F-Secure reports that it has investigated two counterfeit versions of Cisco Catalyst 2960-X series switches. An IT company passed the products to F-Secure last year, after a software update stopped them from working, a common reaction of forged or modified hardware to new software. F-Secure Consulting analysed the counterfeits to see whether they had any security implications, such as ‘back doors’.

Dmitry Janushkevich, a senior consultant with F-Secure Consulting’s Hardware Security team, is lead author of the report. He said: “We found that the counterfeits were built to bypass authentication measures, but we didn’t find evidence suggesting the units posed any other risks. The counterfeiters’ motives were likely limited to making money by selling the components. But we see motivated attackers use the same kind of approach to stealthily backdoor companies, which is why it’s important to thoroughly check any modified hardware.”

The counterfeits were physically and operationally similar to an authentic Cisco switch, the cyber firm reports. One unit’s engineering suggests that the counterfeiters either invested heavily in replicating Cisco’s original design or had access to proprietary engineering documentation to help them create a convincing copy.

F-Secure Consulting’s Head of Hardware Security Andrea Barisani said: “Security departments can’t afford to ignore hardware that’s been tampered with or modified, which is why they need to investigate any counterfeits that they’ve been tricked into using. Without tearing down the hardware and examining it from the ground up, organisations can’t know if a modified device had a larger security impact. And depending on the case, the impact can be major enough to completely undermine security measures intended to protect an organisation’s security, processes, infrastructure, etc.”

The firm offers this advice to counter counterfeit components:

– Source all your components from authorised resellers;
– Have clear internal processes and policies on procurement processes;
– Ensure all components run the latest available software provided by vendors; and
– Make note of even physical differences between different units of the same product, no matter how subtle.

More on the F-Secure Labs website: https://labs.f-secure.com/publications/the-fake-cisco.
