North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: IOS Rookit: the sky isn't falling (yet)

  • From: Gadi Evron
  • Date: Tue May 27 17:09:24 2008

On Tue, 27 May 2008, Sean Donelan wrote:
On Tue, 27 May 2008, Gadi Evron wrote:
Perhaps the above should be simplified.

Running a hacked/modded IOS version is a dangerous prospect.

This seems like such a non-event because what is the exploit path to load the image? There needs to be a primary exploit to load the malware image.


I guess we will wait for the next one before waking up, than.

If you let people load unauthorized images on your equipment, you
probably have bigger problems than potential rootkits. It may be a better use of resources to prevent people from installing unauthorized images on your hardware versus debating all the things an unauthorized image could do after it is installed.

Other things you could install rootkits on, if you can load
unauthorized images on the device:

Anything with a CPU and loadable images.

Even old fashion printing presses are vulnerable to the old fashion
version of a rootkit.  If you could replace the printing press plates
with unauthorized plates, you could change what the printing press
printed.  Modifying printing plates is the easy part, getting the
unauthorized printing plates on the printing press is the trick.

Sean, you are right. My point is that these things exist and we should not limit our assessment to what's available in presentations, which is the current rootkit. The next one and the ones after that is what matters.