- The National Security Agency (NSA) was able to spy on encrypted internet traffic from Cisco customers for almost 10 years, according to Ars Technica.
- Researchers say the agency did so through BenignCertain, an attack that extracts decryption keys from Cisco’s PIX firewalls remotely.
- BenignCertain worked on PIX versions Cisco released in 2002 and supported through 2009. The PIX line is now decommissioned.
Dive Insight:
Researchers say virtually all PIX customers were vulnerable to eavesdropping on their VPN traffic. Ars Technica said three different researchers confirmed that BenignCertain works on PIX installations.
"It shows that the NSA had the ability to remotely extract confidential keys from Cisco VPNs for over a decade," Mustafa Al-Bassam, a security researcher at payments processing firm Secure Trading, told Ars.
Though PIX is now decommissioned, over 15,000 networks worldwide still use it, according to the Shodan search engine.
Last weekend, a hacking group dubbed the Shadow Brokers released stolen NSA hacking tools, including BenignCertain. The group was auctioning the tools on the Internet over the weekend. Soon after, Cisco and Fortinet made patches available for some of the exploits, providing confirmation that at least some of the exploits are legitimate.