Misconfigurations and vulnerabilities in Cisco's EnergyWise suite can allow attackers to cause huge blackouts if the protocol is abused, researchers from ERNW GMBH said Thursday at the Black Hat conference in Las Vegas.
IT equipment is usually the biggest power consumer in non-producing corporate environments, so controlling and measuring how much energy devices consume is important and can greatly reduce energy costs. Cisco has designed its EnergyWise architecture to bring Energy Management Protocol (EMP) to mainstream IP networks as EnergyWise clients are used in many notebook computers and phones.
The energy management protocol sends out messages to devices on the system and once a device is recognized, it can be monitored. Sniffing is always possible to crack the secret and hijack a domain, since the domain shared secret is always used to recognize and find neighbors, the researchers found.
“Once we know the shared secret it's game over,” said ERNW GMBH researcher Matthias Luft, explaining that once a device is recognized as a “neighbor,” it can begin sending messages and compromise server/domain capabilities.
To hack into EnergyWise, the researchers reverse-engineered its proprietary protocol and demonstrated how the TMP's domains can be hijacked to perform denial-of-service attacks.
Earlier this week, Cisco issued an advisory noting that “a vulnerability in the EnergyWise module of Cisco IO and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device.”
[An earlier version of this story referred to the energy management module and made reference to Cisco's purchase of JouleX].