MIT Technology Review



A scheme that gives U.S. law enforcement authorities with a warrant access to networking equipment could also be exploited by illegal snoopers.

Tom Cross, manager of X-Force research, a security unit at IBM, discovered this after reviewing details of a lawful intercept scheme used to access equipment made by the networking giant Cisco. Cross says he identified weaknesses in the communication protocol that could let hackers perform illegal wiretaps. Cross focused on Cisco because it’s the only company to have made the details of its system public, but he believes similar vulnerabilities exist with other intercept schemes.

“It’s not just the router vendor and the [Internet service provider] who have an interest in how this interface is built,” Cross said during a presentation at Black Hat DC, a computer-security conference held in Washington, DC. “We all do.”

Many networking and Internet companies have built backdoors into their systems to deal with a growing number of Internet wiretap requests. These backdoors provide members of law enforcement who have a warrant with immediate access to communications. But there is growing concern that these avenues could inadvertently make it easier for hackers to steal information. The espionage that prompted Google to consider pulling out of China last month drew attention to the existence of these wiretap backdoors after a prominent security expert suggested that such a system may have been used to infiltrate Google’s network.

The Cisco wiretap system uses a simple protocol, details of which have been published by the European Telecommunications Standards Institute. A law enforcement agency submits a request to a representative of an Internet service provider. This representative then sends a request to the device used to perform the surveillance, which is known as the intercept access point. For certain Cisco routers, the wiretap request is sent as a single packet of information, using a networking service called the Simple Network Management Protocol (SNMP). Cross identified a collection of problems with this setup.

First, he says, it’s too easy to bypass the authentication built into the system. The SNMP protocol provides a lot of information when access is denied, which can help an attacker guess the correct username and password for accessing the system. Worse yet, he says, a vulnerability disclosed in 2008 would allow an attacker to gain access to one such system with only 256 attempts (a trivial number for an automated system). Though patches have been issued for this flaw, service providers often do not keep routers patched because of the difficulty of taking them offline, Cross says.


Credit: Technology Review
