CISCO RoomOS Devices User Guide

CISCO RoomOS Devices User Guide

There are currently no RoomOS devices that are capable of sharing their network connection to connected devices e.g., laptops. If support is added at a later date, there will be multiple means to prevent or disable the functionality. RoomOS devices feature security measures such that malicious actors are unable to covertly add the capability.

1. Introduction

Many organizations use Cisco devices to enable video conferencing to take place over their secure networks. These devices are frequently connected to peripheral devices, such as laptops, via their USB-C connectors. This configuration presents a potential security risk at the network boundary, as the USB connection could enable the RoomOS device to inadvertently share its privileged network access with unauthorized devices. This document aims to comprehensively assess and address this hypothetical vulnerability, in order to safeguard the integrity and security of the network.

2. Background

The core issue can be summarized as follows:

  •  Ethernet frames (IEEE 802.3i) can be transmitted across various physical media in all major operating systems.
  • USB connections are capable of carrying these Ethernet frames.
  • Despite potential performance limitations due to frame sizes in older USB standards, they remain viable for this purpose.
  • Additionally, USB to Ethernet interfaces exist as integrated circuits.

As a result, any connection utilizing USB protocols has the potential to serve as an Ethernet-compatible physical layer. It is important to note that a USB-C port is not required to support either of the USB protocols; hence, the presence of a USB-C port does not necessarily imply an Ethernet-compatible interfaceiii. Furthermore, a proposal exists to support the Ethernet protocol over a USB-C connector through an alternate mode, without encapsulating Ethernet frames in USB frameset.

Ethernet over USB on RoomOS devices
Newer RoomOS devices, e.g. Desk Prov, Room Barvi, and Room Kit EQvii, do not have any USB Ethernet or Ethernet over HDMI functionality. The only exception is the now-discontinued Desk Hub which had a hardware interface, not present in other RoomOS devices, that offered Ethernet over USB through the USB-C connectorviii.
In theory, any networked collaboration device could be transformed into a gateway for a peripheral device by implementing an Ethernet over USB protocol, such as MS-RNDISix, among other methods.

3. Risks and mitigations

In the following sections, we will succinctly describe the types of risk and their corresponding mitigations.
Ethernet over USB as an official feature Ethernet over USB is a frequently requested feature for Cisco RoomOS devices, and Cisco may decide to implement it in future RoomOS versions.

Mitigation

  • Announcement of the feature through appropriate channels in advance.
  • Administrative tools in Control Hub for configuration, including the ability to disable the feature on a per-device or organization level.
  • No support for the feature on no-radio devices.

Ethernet over USB implemented by malware
An attacker who successfully modifies the software on a RoomOS device could implement support for an Ethernet over USB protocol of their choice, such as MS-RNDIS. This would allow them to access the privileged network with an arbitrary device by connecting it to the RoomOS device.

Mitigation
The integrity of software images installed or booted on a RoomOS device is verified through a combination of cryptographic techniques, including SHA512 hashing and RSA public-key cryptography. To successfully load a modified software image, such as one that covertly supports Ethernet over USB, a threat actor would need to overcome these and other industry-standard security measures like Secure Boot. Moreover, the devices are equipped with a safeguard that prevents the installation of a software image older than the currently installed version. However, there is an explicit list of exceptions related to the “advanced software control” options available in Control Hub.

4. Conclusion

Current RoomOS devices do not possess the capability to share their network connections with connected peripherals, such as laptops. Should this feature be introduced in the future, there will be multiple mechanisms in place to prevent or disable the functionality, ensuring the security of the network. RoomOS devices are designed with robust security measures that make it extremely difficult for malicious actors to covertly add such capabilities.

©2023 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

© 2023 Cisco and/or its affiliates. All rights reserve.

Leave a comment

Your email address will not be published. Required fields are marked *