CONTACT US

THRANGRYCAT

DEFEATING CISCO'S SECURE BOOT

Red Balloon discovered a vulnerability which allows an attacker to persistently bypass Cisco’s proprietary secure boot mechanism and lock out future updates.

THRANGRYCAT

DEFEATING CISCO'S SECURE BOOT

Red Balloon discovered a vulnerability which allows an attacker to persistently bypass Cisco’s

proprietary secure boot mechanism and lock out future updates.

CLIENT

Internal R&D

YEAR

2019

Thrangrycat is caused by a series of hardware design flaws within Cisco’s Trust Anchor module (TAm) which is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices. Thrangrycat allows an attacker to make persistent modification to the Trust Anchor module via FPGA bitstream modification, thereby defeating the secure boot process and invalidating Cisco’s chain of trust at its root. This vulnerability was discovered by Red Balloon Security during internal research.

 

Following Black Hat 2019 and DEF CON 27, Red Balloon Security released open-source tools which are available on Github, including a Binary Abstraction Layer (BAL) package which is a tiny framework for analyzing and manipulating binary data.

 

See the presentation here.

 

CLIENT

Internal R&D

YEAR

2019

Thrangrycat is caused by a series of hardware design flaws within Cisco’s Trust Anchor module (TAm) which is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices. Thrangrycat allows an attacker to make persistent modification to the Trust Anchor module via FPGA bitstream modification, thereby defeating the secure boot process and invalidating Cisco’s chain of trust at its root. This vulnerability was discovered by Red Balloon Security during internal research.

 

Following Black Hat 2019 and DEF CON 27, Red Balloon Security released open-source tools which are available on Github, including a Binary Abstraction Layer (BAL) package which is a tiny framework for analyzing and manipulating binary data.

 

https://thrangrycat.com/

RBS_LogoSeperated
Twitter Linkedin

Sal Stolfo was an original founding member of Red Balloon Security, Inc.

[email protected]

© 2022 Red Balloon Security.
All Rights Reserved.

Twitter
Instagram
Linkedin
CONTACT US

LEVERAGE OUR EXPERTISE FOR YOUR EMBEDDED SECURITY NEEDS

Contact us now to discover more about Red Balloon Security’s range of solutions and services or to arrange a demonstration.

LEVERAGE OUR EXPERTISE FOR YOUR SECURITY NEEDS

Reach out to learn more about our embedded security offering and to schedule a demo.

LEVERAGE OUR EXPERTISE FOR YOUR SECURITY NEEDS

Reach out to learn more about our embedded security offering and to schedule a demo.

LEVERAGE OUR EXPERTISE FOR YOUR SECURITY NEEDS

Reach out to learn more about our embedded security offering and to schedule a demo.

LEVERAGE OUR EXPERTISE FOR YOUR SECURITY NEEDS

Reach out to learn more about our embedded security offering and to schedule a demo.

;