Video Transcript

Hi, I’m Darren. I’m a penetration tester at Cybermaxx.

BSides Event: Basingstoke, UK

So earlier this month I went to a BSides event in a city called Basingstoke in the United Kingdom it’s in the South of England, sort of nearish London. There was quite a variety of talks on during the day, one of which was me presenting about vulnerabilities in the Cisco ATA devices, the SPA series.

There was also talks about the Cl0P ransomware gang and about using convolutional neural networks for detecting network traffic of malware. There was also other things, for example the ministry defenses DSTL brought with them an original Enigma machine from World War Two, which was pretty cool to look at.

Another company had brought a basically the internals of a cockpit of an airplane that you could use as a flight simulator.

And of course there was the lock picking village and other hacker things going on.

Cisco APA/ATA Device Vulnerabilities Discussion

So I was giving a presentation on some unpatchable vulnerabilities in end of life Cisco products, the Cisco ATA devices, the specifically the SPA series and some other series of devices. These are a small unit that live on your desk and they allow you to connect an old school analog phone and use it as a soft phone like a VoIP phone for modern Teleconferencing.

What I was talking about was Cisco had released an advisory with some vulnerabilities have been discovered in these devices and because these devices were out of support they would not be patched.

Cisco’s solution was to tell you to buy a newer device and throw out the old ones. There was no public exploit at the time of the advisory. So, I spent some time reverse engineering the firmware, writing my own exploit for it to see what the risk of this you know what this advisory resulted in and I found that the risks were pretty severe the outcome the utility to an attacker was quite high.

So I presented on how I rediscovered the vulnerability, how like, how bad the impact is, what I could do with it and also found that other devices not mentioned in the original advisory were also impacted.

Cisco Vulnerabilities: What risks does this pose?

So, the risk here is that for companies, these devices, they’re somewhat inexpensive, like they’re about 150 bucks each, but you’ve got one on like every user’s desk and some offices have been in and each one of those devices you can persistently install malware on it using this vulnerability that allows remote access to the network.

So, the risk for companies is unless they got rid of these devices or somehow mitigated the issue by other means, they have all these potential entry points just there on everyone’s desk that would allow a hacker to effectively live forever inside the company’s network, and without replacing these devices that risk doesn’t go away. There’s no patch, you know you have to replace it.

So it’s quite an expensive problem for a company to solve. They would have to do like wholesale replacing of these devices with newer models which may also go out of support in the future

Other Cool Exhibits: Original Enigma Machine and More!

So one of the coolest things I saw was the DSTL, they’re a branch of the Ministry of Defense, they brought one of the Original 4 rotor Enigma cipher machines that the Germans used during the Second World War to encrypt their messages that they’d send out to submarines, etcetera.

So they had this thing that they had seized, you know back at the end of World War Two from the Germans and they kept it for research and whatnot and they brought it with them and it was really cool to see they had like schematics of it. They even let it, you know, they even took off the lid of it, let us look inside. You could basically play with it a little bit, within reason. It is a historical artifact after all.

But it was cool because relatively nearby, like maybe a couple of hours drive away, is Bletchley Park, where they famously did the industrial scale decryption of the Enigma machine and some of the first computers effectively were invented. This is a really neat piece of you know Security history.