Attackers can take over Cisco routers; other routers at risk, too

Attackers have successfully infected Cisco routers with an attack that persists on the devices and provides a means for compromising other machines and data on the networks the routers serve, FireEye says.

According to FireEye, the SYNful Knock attack successfully implanted altered versions of firmware, which give full access to the devices, into 14 Cisco routers in India, Mexico, the Philippines and Ukraine. Researchers expect compromised machines to show up in more places and in other brands of routers.

SYNful Knock downloads software modules to customize further attacks and has been found in Cisco 1841, 2811 and 3825 routers. It initially requires either physical access to routers or valid passwords; no software vulnerability is being exploited, FireEye says in a blog post.

Network World Tim Greene