Freely subscribe to our NEWSLETTER

F-Secure Consulting’s Hardware Security team investigated two different counterfeit versions of Cisco Catalyst 2960-X series switches. The counterfeits were discovered by an IT company after a software update stopped them from working, which is a common reaction of forged/modified hardware to new software. At the company’s request, F-Secure Consulting performed a thorough analysis of the counterfeits to determine the security implications.

The investigators found that while the counterfeits did not have any backdoor-like functionality, they did employ various measures to fool security controls. For example, one of the units exploited what the research team believes to be a previously undiscovered software vulnerability to undermine secure boot processes that provide protection against firmware tampering.

The counterfeits were physically and operationally similar to an authentic Cisco switch. One of the unit’s engineering suggests that the counterfeiters either invested heavily in replicating Cisco’s original design or had access to proprietary engineering documentation to help them create a convincing copy.

According to F-Secure Consulting’s Head of Hardware Security Andrea Barisani, organizations face considerable security challenges in trying to mitigate the security implications of sophisticated counterfeits such as the those analyzed in the report.

F-Secure has the following advice to help organizations prevent themselves from using counterfeit components:

– Source all your components from authorized resellers

– Have clear internal processes and policies that govern procurement processes

– Ensure all components run the latest available software provided by vendors

– Make note of physical differences between different units of the same product, no matter how subtle they may be