In fall 2019, an IT manufacturer found some network switches failing after an application upgrade. The company would find out later that they had inadvertently procured suspected counterfeit Cisco equipment. The hardware failure initiated a much broader investigation to which the F-Secure Hardware Security team was called and asked to analyse the suspected counterfeit Cisco Catalyst 2960-X series switches and, in particular, provide evidence as to whether any kind of "backdoor" functionality existed in those devices. This paper details the process which led to the conclusion and aims to share the technical knowledge the team gained in this journey.