When The Lights Go Out: Hacking Cisco Energywise

by Matthias Luft, Ayhan Soner Koca
Sept. 23, 2017 | Black Hat | Pen Testing & Audits

Cisco EnergyWise is a proprietary, closed-source protocol that brings EMPs to mainstream IP networks (e.g. by including EnergyWise clients in widely used notebooks and phones). The resulting broad deployment across a large number of environments, such as office networks (for example, ThinkPad notebooks include an EnergyWise client in their default configuration) or even data centers (where power consumption is always a major concern), creates the potential for large-scale blackouts if EnergyWise is misconfigured or contains vulnerabilities that can be abused. In this talk, we will describe our results on the EnergyWise architecture and protocol specification, present the reverse-engineered proprietary protocol, and show how EnergyWise domains can be hijacked in order to perform DoS attacks. In addition, we will release our toolkit that implements all of the presented attacks.