2 min

Cisco recently ended up bricking many switches when it tried to update them to a new software version. The fault was not with the company, but with the bricked switches. The bricked switches are not genuine Cisco products. The fake switches are highly sophisticated counterfeits, telling them apart took experts a long time.

F-Secure’s Consulting Hardware division analysed the two different devices and found that they are very similar to the originals. Telling them apart would require noticing very subtle differences.

The researchers who analysed the switches determined that whoever made the counterfeits, probably had access to engineering documents from Cisco. Or had enough switches, to be able to reproduce such impeccable mimics.

Only experts could tell the difference

Some of the subtle differences noticed included holographic stickers, usually put on the switches’ circuit boards and differences in ethernet and memory chips. To be even more convincing, the counterfeiters used genuine Cisco software to avoid detection for a long time.

The IOS used on the Cisco Switches (it’s not the same thing as iOS on Apple device) was installed by loading it into the RAM from flash with a custom bootloader. Using this method, the counterfeiters were able to ensure that Cisco software, worked on the devices.

And the fakes came tumbling down

The switches were bricked because of the improvised method. The update Cisco deployed had a genuine version that could not work well with the fakes’ custom bootloader.

It is not clear at this point who could be behind this impressive scam, but the initial report indicates that the motive is probably to make money and not industrial espionage. Cisco responded that customers should buy products from authorized dealers and partners only.

Tip: Cisco needs time to make Intent-Based Networking successful