Cisco IOS Firmware Persistence Implant JETPLOW

JETPLOW is a firmware persistence implant for Cisco PIX Series and ASA (Adaptive Security Appliance) firewalls. Cisco officially acknowledged the possible NSA security vulnerabilities in its firewalls. You can view what Cisco has to say here. I personally think that, if this backdoor is legitimate, Cisco was not involved in the process of developing it.

 

What It Is
This backdoor allows the NSA to exploit a network that is secured with a Cisco PIX or ASA firewall by modifying the firewall's operating system at boot time. If BANANAGLEE support is not available for the booting operating system, then it can install a Persistent Backdoor (PBD). The PBD is designed to work with BANANAGLEE's communications structure so that full access can be reacquired at a later time. JETPLOW works on Cisco's 500-series PIX firewalls, as well as most ASA firewalls (5505, 5510, 5520, 5540, and 5550).

 

What We Can Do
If this backdoor is legitimate, then I think we either need to pressure Cisco to do something about this or stop using Cisco PIX and ASA firewalls. Cisco is not the only provider of networking equipment like firewalls; they are currently just the biggest. At the bottom of the official JETPLOW documentation it states “Has been widely deployed. Current availability restricted based on OS version (inquire for details)”. If we go by what it says at the bottom of the OFFICIAL document that was leaked by Edward Snowden, then there are a lot of people and businesses that are simply left insecure. If you look at the document at the bottom of this article, you will also notice that the cost to deploy this is $0! This is because it is a software backdoor, not hardware. These types of backdoors are usually never used for lawful purposes due to the price and the way the NSA can deploy them on a massive scale.

 

Thank you all for taking the time to read this post and as always God bless!

The NSA’s original documentation on JETPLOW

Preston Hood
Hello, my name is Preston Hood. I am the owner of PJHoodsCo, an Information Technology Service Provider (ITSP). I am also a freelance writer and information security researcher.