Securobods warn of wide open backdoor in Netis/Netcore routers Routers sold under the brand Netis by Chinese security vendor Netcore have a hardcoded password that leaves users with a wide-open backdoor that could easily be exploited by attackers, claim researchers. The backdoor allows cyber-criminals to easily change settings or run arbitrary code on routers, securobods at Trend Micro …
As these routers have upgradeable firmware, it should not be too difficult to download the firmware, change the password, and install the modded image. It would only take a few minutes to write a script to randomize rhe password, providing the original password was known.
Of course the manufacturer could provide firmware without the backdoor if their customers pressured them.
Unfortunately, most real people who buy home routers don't. They just want something that connects their PC/Laptop/tablet to the internet so they can access Facebook, ebay.
Expecting people to upgrade firmware, change passwords, writing scripts is just not acceptable.
"Expecting people to ..."
I thought that most "consumers" got their routers preconfigured from their ISP, and only "experts" bought their own. I would expect the ISP or other tech support to be able to perform the fix remotely -- this is a remote access vulnerability.
@vagabondo
I thought that most "consumers" got their routers preconfigured from their ISP, and only "experts" bought their own. I would expect the ISP or other tech support to be able to perform the fix remotely -- this is a remote access vulnerability.
The routers I'm familiar with are consumer products available anyplace that sells computers. (For example, Netis routers can be bought from Wal-Mart.). They are easy to set up. Amongst my circle of "non-IT expert" friends, a high percentage--well over half I'd estimate--set up their own wireless routers for home use. (That doesn't imply that any of us know squat about backdoor security. Therein lies the rub.)
On a different point, I'm not sure that Netis is alone in having this vulnerability.
@Hargrove
I am sure that anyone that has used a web interface to configure their router is sufficiently "expert" to use the same interface to install a firmware upgrade, if one was provided. I do not expect the average user produce their own.
"I'm not sure that Netis is alone in having this vulnerability."
These stories are a regular feature here. They are not confined to the low cost devices either.
@vagabondo "download the firmware"???
Firmware is programming that's written to the read-only memory (ROM) of a computing device.
ROM is "built-in" computer memory containing data that normally can only be read, not written to.
PROM is read-only memory (ROM) that can be modified once by a user. (not sure about the once anymore)
(whatis.com)
You could download software that could perhaps fix the problem.
Or if that device had the means to "burn" a PROM and it is a PROM then you could do that, but I am sure there is no such possibility.
You could perhaps also pull it/them out and replace with what the factory sends you.
Not an expert, must be some 30 years since I played with stuff like that, very much a part of IT and programming then, and fun.
My point is however this "Short of a fix, Trend recommends replacing vulnerable devices"..
And perhaps it will be like this:
http://www.theregister.co.uk/2014/08/26/hp_recalls_six_million_laptop_power_cords_over_fire_risk/
If those sold in the USA came from any ISP then I think they should replace the whole damned thing.
Sorry but you also forgot about EEROM and Flash Memory. Also the term used was "hard-coded" not "hardwired" -- we are dealing with firmware here, not hardware.
Most motherboards, "intelligent" devices, etc. -- including routers -- use flash memory to store their operating firmware. The system allows the flash memory to be overwritten and rebooted. That's how the firmware is upgraded. Firmware images are generally available for download from the device manufacturer's website.
The recommendation for replacement was "short of a fix". A fix is trivial, and could be implemented in-situ remotely. I would expect revised firmware images to appear at http://netis-systems.com/en/Downloads/ within a few days, but that depends on the priorities of these low-cost (approx £10) devices.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
