
Fake Cisco switches may have infiltrated hundreds of businesses


Cisco recently issued a software update for some of its switches, but instead of patching the devices, it ended up bricking many of them.

However, the fault was not Cisco's own; the bricked devices were not genuine, but rather highly convincing counterfeits.

According to researchers from F-Secure Consulting's hardware division, which analysed two different fraudulent devices, the fakes are very similar to the originals, with only subtle differences.

Researchers concluded that whoever built the counterfeits either had access to Cisco engineering documentation, or invested enough in the tools to be able to mimic original PCB designs.

Among the differences spotted were missing holographic stickers, which are usually applied to the circuit boards of Cisco switches; the fake devices also had different flash memory and Ethernet chips.

The manufacturers of the fake devices also went out of their way to make sure they flew under the radar, opting to use a genuine Cisco operating system.

The researchers believe IOS (the OS on Cisco’s switches, not to be confused with Apple iOS) was patched as it was loaded into RAM from flash. That way, the manufacturers made sure the software worked on the fake hardware. This is also how the latest update ended up bricking the fakes; the customised bootloader was replaced with a genuine version.

It remains unclear who is behind the counterfeit hardware, though initial reports suggest financial gain was the primary motivating factor, rather than espionage.

Cisco recommends all customers buy their gear either directly or from authorised partners only.
