Cisco router rootkit 101

A security researcher has demonstrated how to install a rootkit on Cisco routers through the router's Internetwork Operating System (IOS).

Core Security's Sebastian Muniz demonstrated the rootkit last week at the E.U. Security West Conference in London.

Rootkits are nothing new for desktop PCs, but thus far none had been successfully written for network routers. In an alert issued earlier in the month, Cisco acknowledged Muniz's work but also stated that the company had not seen any exploit code in the wild that uses the technique. The advisory also instructed administrators how to protect against such a theoretical attack.

Muniz has not posted his presentation notes yet, though according to an account posted on the mailing list for the North American Network Operators Group, Muniz's approach involves making and downloading an image of the operating IOS, altering the portion dealing with log-in passwords, and then uploading the altered image onto the flash memory of the router.

Although Muniz used the Cisco operating system, the approach could also be used for routers from other companies, he said in an interview on the conference Web site.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected