It's 2019 so now security vulnerabilities are branded using emojis: Meet Thrangrycat, a Cisco router secure boot flaw

That's how you pronounce 😾😾😾: A means to bury spyware deep inside pwned networking gear

Security weaknesses at the heart of some of Cisco's network routers, switches, and firewalls can be exploited by hackers to hide spyware deep inside compromised equipment.

In order to exploit these flaws, dubbed 😾😾😾 or Thrangrycat by their discoverers, a miscreant or rogue employee needs to be able to log into the vulnerable device as an administrator, and can thus already do a lot of damage or snooping on your enterprise anyway.

What makes 😾😾😾 interesting is that it can be used by an attacker to take that initial privileged access and go deeper, making fundamental changes to the way the equipment boots up so that spyware, once installed, is always secretly present and running, and can't be patched out or removed. Normally, not even admin users are allowed to do that. The vulnerability allows malicious code to persist on compromised systems.

Technical overview

Thrangrycat comes in two parts. First, there's a flaw (CVE-2019-1862) in the web-based user interface of the Cisco IOS XE Software that can be exploited by a logged-in administrator to execute commands as root on the underlying Linux-based shell.

A rogue admin can leverage that input-sanitization vulnerability to exploit the second part: it is possible to use the aforementioned root-level access to change the firmware (CVE-2019-1649) used to configure an on-board FPGA chip that's used to securely boot the equipment.

FPGAs are chips with thousands of logic gates and other circuitry that can be rewired as required on-the-fly to perform custom operations in hardware. How the gates and circuits are connected and interact is defined by a bitstream stored in the motherboard firmware.

network panel cables

Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it's Cisco again


The FPGA in this case is configured to implement what Cisco calls its Trust Anchor module: this technology ensures the equipment boots software that is legit and hasn't been tampered with. It verifies the integrity of the system code before allowing the main processor to execute a bootloader that starts up the whole thing.

Unfortunately, the Trust Anchor module (TAm) doesn't check that its own data is legit: the bitstream sits unprotected in an SPI flash chip on the motherboard, and can be twiddled with by someone with root access.

Therefore, if you alter this configuration data as root, the next time the kit boots up, the FPGA will read in its tampered-with bitstream from the flash storage. This modified bitstream could cause the TAm to allow any operating system to start up, even one with malware stashed in it, and prevent any more changes to the bitstream stored in the firmware.

Thus if you get root access, you can hide your backdoor or network surveillance tools in the device's operating system, then you can change the bitstream in the firmware to allow that malicious code to boot, and block any further attempts to change the bitstream. Then restart, watch your changes come into effect, and spy away.

It's ingenious, but again, bear in mind, a miscreant would need admin-level access to get started, so you're probably hosed at that point anyway. Crucially, this vuln means a snoop in your network infrastructure can persist even after you think you've flushed them out with software patches and password changes.


😾😾😾 was found and reported by a team from Red Balloon Security – specifically, Jatin Kataria, Richard Housley, James Chambers, and Ang Cui – after they spent the past three years digging into FPGA-based gear. In the last year or so they have specifically looked at Cisco’s use of an FPGA chip in its TAm.

“We tried to push the envelope by using direct bitstream manipulation, a relatively new technique,” Dr Ang Cui, the chief scientist of Red Balloon Security, told The Register on Monday. “In 2012, when Cisco was introducing this, no one thought it was possible but seven years later it is.”

The full details are not going to be released until this year's Black Hat USA security conference in August. Cisco was privately tipped off by Red Balloon Security in November 2018, and only now is the issue public. The 😾😾😾 exploits were tested on a Cisco ASR 1001-X, though plenty of devices are at risk because they use the FPGA-based TAm. The team summarized Thrangrycat thus:

An attacker with root privileges on the device can modify the contents of the FPGA anchor bitstream, which is stored unprotected in flash memory. Elements of this bitstream can be modified to disable critical functionality in the TAm. Successful modification of the bitstream is persistent, and the Trust Anchor will be disabled in subsequent boot sequences. It is also possible to lock out any software updates to the TAm’s bitstream.

Cisco has published advisories on both flaws highlighted by the researchers, and listed all affected products. Switchzilla has issued free patches to install to kill off both bugs. Obviously, if you've already been pwned via the secure boot hole then there's a chance the fix for the FPGA bitstream blunder won't work, though there is no indication anyone's actually exploiting Thrangrycat.

Cisco, for one, told us it "is not aware of any malicious use of the vulnerability." So, get patching. ®

Similar topics

Narrower topics

Other stories you might like

  • VMware claims 'bare-metal' performance on virtualized GPUs
    Is... is that why Broadcom wants to buy it?

    The future of high-performance computing will be virtualized, VMware's Uday Kurkure has told The Register.

    Kurkure, the lead engineer for VMware's performance engineering team, has spent the past five years working on ways to virtualize machine-learning workloads running on accelerators. Earlier this month his team reported "near or better than bare-metal performance" for Bidirectional Encoder Representations from Transformers (BERT) and Mask R-CNN — two popular machine-learning workloads — running on virtualized GPUs (vGPU) connected using Nvidia's NVLink interconnect.

    NVLink enables compute and memory resources to be shared across up to four GPUs over a high-bandwidth mesh fabric operating at 6.25GB/s per lane compared to PCIe 4.0's 2.5GB/s. The interconnect enabled Kurkure's team to pool 160GB of GPU memory from the Dell PowerEdge system's four 40GB Nvidia A100 SXM GPUs.

    Continue reading
  • Nvidia promises annual updates across CPU, GPU, and DPU lines
    Arm one year, x86 the next, and always faster than a certain chip shop that still can't ship even one standalone GPU

    Computex Nvidia's push deeper into enterprise computing will see its practice of introducing a new GPU architecture every two years brought to its CPUs and data processing units (DPUs, aka SmartNICs).

    Speaking on the company's pre-recorded keynote released to coincide with the Computex exhibition in Taiwan this week, senior vice president for hardware engineering Brian Kelleher spoke of the company's "reputation for unmatched execution on silicon." That's language that needs to be considered in the context of Intel, an Nvidia rival, again delaying a planned entry to the discrete GPU market.

    "We will extend our execution excellence and give each of our chip architectures a two-year rhythm," Kelleher added.

    Continue reading
  • Amazon puts 'creepy' AI cameras in UK delivery vans
    Big Bezos is watching you

    Amazon is reportedly installing AI-powered cameras in delivery vans to keep tabs on its drivers in the UK.

    The technology was first deployed, with numerous errors that reportedly denied drivers' bonuses after malfunctions, in the US. Last year, the internet giant produced a corporate video detailing how the cameras monitor drivers' driving behavior for safety reasons. The same system is now apparently being rolled out to vehicles in the UK. 

    Multiple camera lenses are placed under the front mirror. One is directed at the person behind the wheel, one is facing the road, and two are located on either side to provide a wider view. The cameras are monitored by software built by Netradyne, a computer-vision startup focused on driver safety. This code uses machine-learning algorithms to figure out what's going on in and around the vehicle.

    Continue reading
  • AWS puts latest homebrew ‘Graviton 3’ Arm CPU in production
    Just one instance type for now, but cheaper than third-gen Xeons or EPYCs

    Amazon Web Services has made its latest homebrew CPU, the Graviton3, available to rent in its Elastic Compute Cloud (EC2) infrastructure-as-a-service offering.

    The cloud colossus launched Graviton3 at its late 2021 re:Invent conference, revealing that the 55-billion-transistor device includes 64 cores, runs at 2.6GHz clock speed, can address DDR5 RAM and 300GB/sec max memory bandwidth, and employs 256-bit Scalable Vector Extensions.

    The chips were offered as a tech preview to select customers. And on Monday, AWS made them available to all comers in a single instance type named C7g.

    Continue reading
  • Beijing reverses ban on tech companies listing offshore
    Announcement comes as Chinese ride-hailing DiDi Chuxing delists from NYSE under pressure

    The Chinese government has announced that it will again allow "platform companies" – Beijing's term for tech giants – to list on overseas stock markets, marking a loosening of restrictions on the sector.

    "Platform companies will be encouraged to list on domestic and overseas markets in accordance with laws and regulations," announced premier Li Keqiang at an executive meeting of China's State Council – a body akin to cabinet in the USA or parliamentary democracies.

    The statement comes a week after vice premier Liu He advocated technology and government cooperation and a digital economy that supports an opening to "the outside world" to around 100 members of the Chinese People's Political Consultative Congress (CPPCC).

    Continue reading

Biting the hand that feeds IT © 1998–2022