SYNful Knock Hack Compromises Private Data on Cisco Routers

by Tracy Knauer

Reports this week that malicious hackers have installed sniffing software on Cisco routers in at least four countries, enabling them to steal reams of personal information, underscore the importance of encrypting personal data to ensure privacy.

The hack, which Cisco reported on its blog on Tuesday, affects enterprise-grade network routers and switches. This is the type of hardware that handles massive amounts of Internet data on public networks. Untold numbers of emails, chat conversations, connection logs and everything else people do online pass through them.

To execute the attack, hackers installed a modified version of the Cisco router operating system on the devices. The malicious software is called SYNful Knock.

Once in place, SYNful Knock potentially provides attackers with the ability to read data passing through the devices, among other activities.

Unlike similar attacks in recent years that have compromised personal routers — the kind people use in their homes and small offices — SYNful Knock cannot be erased by rebooting the device. It provides attackers permanent access unless administrators take specific steps to remove the malicious code.

Thwarting Router-Level Sniffing

According to Cisco, the attack required physical access to the devices. It did not exploit software defects or bugs as remote attack vectors.

But that doesn’t make this attack any less harmful to end users, whose privacy SYNful Knock places at risk, even if they have no idea that their data is passing through compromised Cisco routers.

It would be nice to believe that attacks like this can be prevented through careful access control policies and software security strategies. In reality, however, the proliferation during the last several years of high-profile attacks that compromise private data suggests that this sort of threat is not going to go away.

That’s why end-to-end encryption of your online data and activity is essential for ensuring true privacy. If you use a VPN or similar service to encrypt your Internet communications, they won’t be readable by hackers even if they have access to network devices through which your traffic passes (unless, of course, they compromise your VPN, but that’s unlikely).

Since you probably don’t even know where your data goes once it leaves your computer or local network, let alone whether the devices through which it passes are secure, encrypting everything before it reaches the public Internet is your only assurance against threats like SYNful Knock.
