THRANGRYCAT

Red Balloon discovered a vulnerability which allows an attacker to persistently bypass Cisco’s proprietary secure boot mechanism and lock out future updates.

Defeating Cisco’s secure boot

CLIENT

Internal R&D

YEAR

2019

Thrangrycat is caused by a series of hardware design flaws within Cisco’s Trust Anchor module (TAm) which is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices. Thrangrycat allows an attacker to make persistent modification to the Trust Anchor module via FPGA bitstream modification, thereby defeating the secure boot process and invalidating Cisco’s chain of trust at its root. This vulnerability was discovered by Red Balloon Security during internal research.

Following Black Hat 2019 and DEF CON 27, Red Balloon Security released open-source tools which are available on Github, including a Binary Abstraction Layer (BAL) package which is a tiny framework for analyzing and manipulating binary data.