Thanks to Edward Snowden, you may already know that the NSA has been spying on Cisco firewalls for years, but exactly how it did this was quite a mystery. Well, now we know. The Equation Group exploit code reveals that a specialized tool named BENIGNCERTAIN, which was used by the NSA, crafts and transmits a special Internet Key Exchange (IKE) packet to Cisco’s PIX firewall, obliging vulnerable devices to reply with sensitive secrets.
Cisco confirmed that the attack can compromise PIX versions 6.x and prior, which were last supported in 2009. Cisco’s newer Adaptive Security Appliance and PIX 7.0 aren’t vulnerable to BENIGNCERTAIN. Note that Cisco discontinued its support for PIX gear in 2013. That is not going to reassure all the security experts, however: according to Ars Technica, it looks like more than 15,000 networks are still clinging on to PIX, with a possible vulnerability in many of them.
So, if your firewalls are still running pre-7.0 software, you’re at high risk of having your VPN connections snooped on. And if you ever used PIX firewalls, be sure that the NSA has spied on your encrypted data at least once in your lifetime. The first vulnerable device went on sale in 2002.