Black Hat: Researchers hack into Cisco EnergyWise

Share this article:
Black Hat: Researchers hack into Cisco EnergyWise
Vulnerabilities in EnergyWise could let attackers cause huge blackouts if abused. Photo Credit: Black Hat 2014

Misconfigurations and vulnerabilities in Cisco's EnergyWise suite can allow attackers to cause huge blackouts if the protocol is abused, researchers from ERNW GMBH said Thursday at the Black Hat conference in Las Vegas.

IT equipment is usually the biggest power consumer in non-producing corporate environments, so controlling and measuring how much energy devices consume is important and can greatly reduce energy costs. Cisco has designed its EnergyWise architecture to bring Energy Management Protocol (EMP) to mainstream IP networks as EnergyWise clients are used in many notebook computers and phones.

The energy management protocol sends out messages to devices on the system and once a device is recognized, it can be monitored. Sniffing is always possible to crack the secret and hijack a domain, since the domain shared secret is always used to recognize and find neighbors, the researchers found. 

“Once we know the shared secret it's game over,” said ERNW GMBH researcher Matthias Luft, explaining that once a device is recognized as a “neighbor,” it can begin sending messages and compromise server/domain capabilities.

To hack into EnergyWise, the researchers reverse-engineered its proprietary protocol and demonstrated how the TMP's domains can be hijacked to perform denial-of-service attacks.

Earlier this week, Cisco issued an advisory noting that “a vulnerability in the EnergyWise module of Cisco IO and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device.”

[An earlier version of this story referred to the energy management module and made reference to Cisco's purchase of JouleX].

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.