Reported counterfeit Cisco switches



Fake switches imitating products from Cisco, a major network equipment vendor, are on the market, security research firm F-Secure reports.

The Fake Cisco
https://labs.f-secure.com/publications/the-fake-cisco

THE FAKE CISCO Hunting for backdoors in Counterfeit Cisco devices
(PDF) https://labs.f-secure.com/assets/BlogFiles/2020-07-the-fake-cisco.pdf

F-Secure investigated two fake switches in the Catalyst 2960-X series. Fake switches have been reported to become inoperable after a software upgrade, with the error message 'This switch may not be made by Cisco or not certified by Cisco.' Some companies have also purchased fake products without knowing it.



In appearance, the port numbers are printed more clearly on the fake product (left) than on the genuine product (right), and the numbers on the fake product are misaligned. The shape of the triangle under the port is also slightly different.



The shape of the 'MODE' button is also slightly different, and you can see that the mark on the upper right of the management port is brighter for the genuine product.



The genuine product has a hologram sticker attached to the board, as shown in the image, but the fake product did not.



Comparing the switch board layouts, the mounting is significantly different between the fake product on the left and the genuine product on the right.



The fake product's board also carries some parts of its own that are not on the genuine product...



Characteristics of fake products, such as hidden markings on the chip, have also been reported.



The fake and genuine products also differ internally. For example, if you analyze the firmware in flash memory with 'Binwalk' and compare the entropy graphs, you can see that the curve for the fake product on the left is significantly different in shape from the curve for the genuine product on the right.



Below is F-Secure's analysis of the binary data, which shows that the fake firmware contains extra data. A region that is blank in the genuine product on the right contains data in the fake product on the left.
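The comparison described in the two paragraphs above (entropy profile first, then data where the genuine image is blank), as an added example that is not F-Secure's code or part of the original article. The function names, block size and threshold are assumptions, and the two images are constructed byte strings, not real firmware.

```python
import hashlib
import math
from collections import Counter

BLOCK = 1024  # bytes per entropy window (assumed; pick what suits the image size)

def block_entropy(data, block=BLOCK):
    """Shannon entropy in bits per byte (0..8) for each fixed-size block."""
    profile = []
    for off in range(0, len(data), block):
        chunk = data[off:off + block]
        n = len(chunk)
        profile.append(sum(-c / n * math.log2(c / n) for c in Counter(chunk).values()))
    return profile

def extra_data_regions(reference, suspect, block=BLOCK, min_entropy=1.0):
    """Byte ranges where the reference is constant fill (or ends) but the suspect holds data."""
    regions, start = [], None
    for i, entropy in enumerate(block_entropy(suspect, block)):
        ref_chunk = reference[i * block:(i + 1) * block]
        ref_blank = len(set(ref_chunk)) <= 1  # empty slice or a single fill byte such as 0xFF
        if ref_blank and entropy >= min_entropy:
            if start is None:
                start = i * block
        elif start is not None:
            regions.append((start, i * block))
            start = None
    if start is not None:
        regions.append((start, len(suspect)))
    return regions

def _sample(tag, n):
    """Constructed stand-in for firmware content: deterministic high-entropy bytes."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(f"{tag}:{i}".encode()).digest()
        i += 1
    return out[:n]

# Constructed 8 KiB images, not real firmware: same code, different use of the padding.
CODE = _sample("code", 4 * BLOCK)
GENUINE = CODE + b"\xff" * (4 * BLOCK)
COUNTERFEIT = CODE + b"\xff" * BLOCK + _sample("extra", 2 * BLOCK) + b"\xff" * BLOCK

if __name__ == "__main__":
    for name, image in (("genuine", GENUINE), ("counterfeit", COUNTERFEIT)):
        print(name, " ".join(f"{e:.1f}" for e in block_entropy(image)))
    for start, end in extra_data_regions(GENUINE, COUNTERFEIT):
        print(f"data in blank region: 0x{start:06x}-0x{end:06x}")
```

On real dumps, read both files as bytes and pass the known-good image as `reference`; a flagged range is a place to look more closely, not proof of tampering on its own.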



Other differences such as boot loaders and additional components to pass HBOOT authentication have also been reported. 'Fake products not only damage the trust and profits of branded companies, but also increase the security risk of companies that are victims of fake products,' F-Secure said.

in Hardware, Security. Posted by darkhorse_log