Skip to main content
close search
site logo
Dive Brief

Cisco: Hackers are installing rogue firmware on networking gear

Published Aug. 14, 2015
By
Contributing Editor
sqback, stock.xchng

Dive Brief:

  • The process of installing rogue firmware on embedded devices appears to be gaining popularity among hackers.

  • Cisco Systems issued an advisory on Tuesday warning customers of cases where attackers have replaced the boot firmware on devices running its IOS operating system.

  • Hackers use valid administrative credentials to conduct the attacks, Cisco said.

Dive Insight:

To conduct the attacks, hackers are replacing the ROM Monitor (ROMMON)  the low-level firmware that initializes the hardware and boots up IOS (which runs on most Cisco routers and offers a set of networking tools) — with a malicious version. It’s not yet clear how hackers are obtaining the administrative credentials used to carry out the attacks.

“No product vulnerability is leveraged in this attack, and the attacker requires valid administrative credentials or physical access to the system to be successful,” Cisco said in its advisory. “The ability to install an upgraded ROMMON image on IOS devices is a standard, documented feature that administrators use to manage their networks.”

Cisco said the attacks should serve as a warning for companies with IOS equipment that network administrators can be a target.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Graphiant’s Blakely Purtill Honored as a CRN® Channel Chief
From Graphiant
February 03, 2025
CloudBolt Marks Monumental Year of Growth and Solidifies Its Market Position as a Recognized L…
From CloudBolt Software
January 16, 2025
Newgen Recognized as a ‘Leader’ in IDC MarketScape Reports for its Intelligent CCM and Automat…
From Newgen
January 29, 2025
Midmo.ai Comes out of Stealth Mode with Connective Tissue for Traceability Solutions
From Midmo Inc
January 24, 2025
Editors' picks
Latest in IT Strategy
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.