Red Balloon discovered a vulnerability which allows an attacker to persistently bypass Cisco’s proprietary secure boot mechanism and lock out future updates.
Red Balloon discovered a vulnerability which allows an attacker to persistently bypass Cisco’s
proprietary secure boot mechanism and lock out future updates.
Internal R&D
2019
Thrangrycat is caused by a series of hardware design flaws within Cisco’s Trust Anchor module (TAm) which is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices. Thrangrycat allows an attacker to make persistent modification to the Trust Anchor module via FPGA bitstream modification, thereby defeating the secure boot process and invalidating Cisco’s chain of trust at its root. This vulnerability was discovered by Red Balloon Security during internal research.
Following Black Hat 2019 and DEF CON 27, Red Balloon Security released open-source tools which are available on Github, including a Binary Abstraction Layer (BAL) package which is a tiny framework for analyzing and manipulating binary data.
See the presentation here.
Internal R&D
2019
Thrangrycat is caused by a series of hardware design flaws within Cisco’s Trust Anchor module (TAm) which is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices. Thrangrycat allows an attacker to make persistent modification to the Trust Anchor module via FPGA bitstream modification, thereby defeating the secure boot process and invalidating Cisco’s chain of trust at its root. This vulnerability was discovered by Red Balloon Security during internal research.
Following Black Hat 2019 and DEF CON 27, Red Balloon Security released open-source tools which are available on Github, including a Binary Abstraction Layer (BAL) package which is a tiny framework for analyzing and manipulating binary data.
© 2025 Red Balloon Security.
All Rights Reserved.
Sal Stolfo was an original founding member of Red Balloon Security, Inc.
Contact us to learn more about our advanced embedded security solutions or schedule a demonstration with our experts.
