North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: IOS Rookit: the sky isn't falling (yet)
- From: Gadi Evron
- Date: Tue May 27 12:02:40 2008
On Tue, 27 May 2008, Jared Mauch wrote:
On May 27, 2008, at 8:42 AM, Alexander Harrowell wrote:
An alternative rootkit ? Privilege level 16 used by the Lawful Intercepton the router as privilege level 15 doesn't allow it and the only
 feature could be abused to do some of this too. Or the other way
around: use a "patched" IOS to keep an eye on Law Enforcement's
alternative is to sniff the traffic export.
The combination of rootkits and specially privileged Lawful Intercept
functions is a very dangerous one. This was precisely what was exploited in
the now-legendary and still unsolved Vodafone Greece hack.
Perhaps the above should be simplified.
Running a hacked/modded IOS version is a dangerous prospect.
This seems like such a non-event because what is the exploit path to load the
image? There needs to be a primary exploit to load the malware image.
I guess we will wait for the next one before waking up, than.