Black Hat: Researchers hack into Cisco EnergyWise

Share this article:
Black Hat: Researchers hack into Cisco EnergyWise
Vulnerabilities in EnergyWise could let attackers cause huge blackouts if abused. Photo Credit: Black Hat 2014

Misconfigurations and vulnerabilities in Cisco's EnergyWise suite can allow attackers to cause huge blackouts if the protocol is abused, researchers from ERNW GMBH said Thursday at the Black Hat conference in Las Vegas.

IT equipment is usually the biggest power consumer in non-producing corporate environments, so controlling and measuring how much energy devices consume is important and can greatly reduce energy costs. Cisco has designed its EnergyWise architecture to bring Energy Management Protocol (EMP) to mainstream IP networks as EnergyWise clients are used in many notebook computers and phones.

The energy management protocol sends out messages to devices on the system and once a device is recognized, it can be monitored. Sniffing is always possible to crack the secret and hijack a domain, since the domain shared secret is always used to recognize and find neighbors, the researchers found. 

“Once we know the shared secret it's game over,” said ERNW GMBH researcher Matthias Luft, explaining that once a device is recognized as a “neighbor,” it can begin sending messages and compromise server/domain capabilities.

To hack into EnergyWise, the researchers reverse-engineered its proprietary protocol and demonstrated how the TMP's domains can be hijacked to perform denial-of-service attacks.

Earlier this week, Cisco issued an advisory noting that “a vulnerability in the EnergyWise module of Cisco IO and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device.”

[An earlier version of this story referred to the energy management module and made reference to Cisco's purchase of JouleX].

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

EU conducts massive cyberattack simulation on critical networks

Conducted by the European Union Agency for Network and Information Security, the simulation launched 2,000 attacks on the networks of various critical infrastructure organizations.

FilmOn accuses DoubleVerify of distributing malware

In readying a libel suit against DoubleVerify, FilmOn says it discovered that the firm deliberately distributed malware.

Schumer: Feds should do 'top to bottom' probe of online drug marketplaces

Sen. Charles Schumer of New York has called on federal law enforcement officials to stop "copy cat websites."