Cool stuff, was only a matter of time.
I was pondering the idea after thinking about the implications of Operation Cisco Raider and then this news broke.
Between off-market / pirated devices being deployed in sensitive environments and now an IOS flash rootkit, there is a lot of damage potential, especially if rootkits for the separate Cisco PIX (firewall) OS pop up as well.
Employing an undisclosed exploit, or obfuscating an unpatched exploit to bypass IDS/IPS/etc., for the purpose of implanting a rootkit would greatly hinder audit/detection/tracing efforts, extend the effective system-access time and possibly even void future update/patch attempts if combined with a bootstrap.
Expect the information to be vague though, as Cisco threw their legal team at the last big IOS threat; nothing like security through obscurity while the Chinese/Russian military, to say nothing of private corporations, work on their own rootkits behind closed doors.
Edited by jabzor, 15 May 2008 - 11:22 PM.