Tuesday 27th May, 2008 10:45 Comments: 0
Cisco have updated their "Rootkits on Cisco IOS Devices" response since the presentation by Sebastian Muniz at the EUSecWest security conference. Their entire article pushes the idea of checking the integrity of the downloaded image using MD5 hashes. This would be fine, except the cryptographic hash function MD5 is not collision resistant (as demonstrated by Xiaoyun Wang and her co-authors back in 2004, subsequently allowing some clever researchers to (hopefully) predict the winner of the 2008 US Presidential Elections). I wonder how long it'd take to produce a malicious Cisco IOS software image that has the same MD5 hash as a legitimate version. Combine this with DNS poisoning or modifying the hosts file to redirect users to a malicious server and the IOS rootkit could remain a threat. Perhaps Cisco should jump to SHA-512, given that SHA-1 is already "broken".