Security News > 2021 > June > Cisco Smart Install Protocol Still Abused in Attacks, 5 Years After First Warning
Cisco's Smart Install protocol is still being abused in attacks - five years after the networking giant issued its first warning - and there are still roughly 18,000 internet-exposed devices that could be targeted by hackers.
Cisco describes Smart Install as a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches.
Cisco first warned about the misuse of Smart Install in 2016, after an exploitation tool was made available.
It was reported in 2018 that the Smart Install feature had been targeted by hacktivists in attacks aimed at Cisco switches in Iran and Russia as part of an apparent pro-US attack, as well as a state-sponsored cyberespionage group linked to Russia.
In 2016, the number of networking devices exposed to attacks via Smart Install exceeded 250,000, and dropped to 168,000 by 2018.
The attackers abused the Cisco Smart Install protocol to replace existing configuration files with a text file containing an anti-West manifesto.