Red Balloon discovered a vulnerability which allows an attacker to persistently bypass Cisco’s proprietary secure boot mechanism and lock out future updates.
Red Balloon discovered a vulnerability which allows an attacker to persistently bypass Cisco’s
proprietary secure boot mechanism and lock out future updates.
Internal R&D
2019
Thrangrycat is caused by a series of hardware design flaws within Cisco’s Trust Anchor module (TAm) which is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices. Thrangrycat allows an attacker to make persistent modification to the Trust Anchor module via FPGA bitstream modification, thereby defeating the secure boot process and invalidating Cisco’s chain of trust at its root. This vulnerability was discovered by Red Balloon Security during internal research.
Following Black Hat 2019 and DEF CON 27, Red Balloon Security released open-source tools which are available on Github, including a Binary Abstraction Layer (BAL) package which is a tiny framework for analyzing and manipulating binary data.
See the presentation here.
Internal R&D
2019
Thrangrycat is caused by a series of hardware design flaws within Cisco’s Trust Anchor module (TAm) which is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices. Thrangrycat allows an attacker to make persistent modification to the Trust Anchor module via FPGA bitstream modification, thereby defeating the secure boot process and invalidating Cisco’s chain of trust at its root. This vulnerability was discovered by Red Balloon Security during internal research.
Following Black Hat 2019 and DEF CON 27, Red Balloon Security released open-source tools which are available on Github, including a Binary Abstraction Layer (BAL) package which is a tiny framework for analyzing and manipulating binary data.
Sal Stolfo was an original founding member of Red Balloon Security, Inc.
© 2022 Red Balloon Security.
All Rights Reserved.
© 2022 Red Balloon Security. All Rights Reserved.
Contact us now to discover more about Red Balloon Security’s range of solutions and services or to arrange a demonstration.
Reach out to learn more about our embedded security offering and to schedule a demo.
Reach out to learn more about our embedded security offering and to schedule a demo.
Reach out to learn more about our embedded security offering and to schedule a demo.
Reach out to learn more about our embedded security offering and to schedule a demo.