Research reveals vulnerability to a key router protocol, as well as threats to critical infrastructure

LAS VEGAS — Black Hat hasn’t disappointed this year, with research revealing a flaw that undercuts OSPF routing, two separate assertions that security for Apple products in the enterprise isn’t that bad and a friendly hand being offered to hackers and crackers to join the U.S. fight against terrorists in cyberspace.

 

 

Perhaps the biggest blockbuster, because of the sheer scope of the potential problem, is the vulnerability an Israeli researcher found in the Open Shortest Path First (OSPF) routing protocol that puts networks using it at risk of attacks that compromise data streams, falsify network topography and create crippling router loops.

OSPF is the most popular routing protocol used within the roughly 35,000 autonomous systems into which the Internet is divided. Typically large corporations, universities and ISPs run autonomous systems.

MORE FROM BLACK HAT: Hackers and crackers needed to counter terrorists

The only remedies are using another protocol such as RIP or IS-IS or changing OSPF to close the vulnerability, says Gabi Nakibly, a researcher at Israel’s Electronic Warfare Research and Simulation Center, who discovered the problem.

Nakibly says he has successfully carried out an exploit against the vulnerability on a Cisco 7200 router running software version IOS 15.0(1)M, but it would be equally effective against any router that is compliant with the OSPF specification. He says he chose a Cisco router to underscore the severity of the problem, since Cisco dominates the router market.

Meanwhile, researchers took a look at Apple’s OS X operating system for desktops and laptops and its iOS operating system for mobile devices to see whether they are more or less vulnerable than competing Microsoft products.

The conclusion of Alex Stamos, who led a team of researchers from iSec Partners that researched the OS X and Windows 7 operating systems, is that Apple does pretty well, but Microsoft wins. While earlier versions of Apple’s software were more vulnerable to initial exploitation than Windows 7, the latest version, known as Lion, makes up ground.

Escalating privileges remains a problem on both operating systems, Stamos says, with OS X having more potential soft spots than Windows 7. But when it comes to network vulnerabilities, Apple is the loser. “OS X networks are significantly more vulnerable to network privilege escalation,” he says. “Almost every OS X server service offers weak or broken authentication mechanisms.”

Stamos says the bottom line is that enterprises should run Apple OS X products in isolated islands within networks.

On the mobile side, independent researcher Dino Dai Zovi says iOS does a pretty good job running applications in a sandbox that rogue applications would have to escape in order to do damage. The operating system has a dynamic signing feature for applications in which the device itself has to approve applications before running them, not just accepting the Apple certificate that says they are approved.

He says BlackBerries have better data protection than iOS, but that they lack a sandbox for running applications. He says that Google’s Android mobile operating system is more vulnerable than iOS. Android is about as secure as a jailbroken iPhone that has lost many of its security features by virtue of being jailbroken, he says.