Control panel backdoor found in D-Link home routers

A group of embedded-device hackers has turned up a vulnerability in D-Link consumer-grade products that provides unauthenticated access to the units' admin interfaces. The backdoor means an attacker could take over all of the user-controllable functions of the popular home routers, which include the DIR-100, DI-524, DI-524UP …

COMMENTS

This topic is closed for new posts.


  1. Anonymous Coward
    Anonymous Coward

    And this is why they made DD-WRT....

    1. Only buy a router that allows DD-WRT to be installed

    2. Install it.

    3. Feel annoyingly smug!

    1. HMB

      If I Was a Security Agency

      I would have ensured a back door existed in an incredibly common driver binary for DD-WRT and received endless amusement watching people installing it to escape the other firmware I nobbled some time ago.

      Is your router secure?

      We'll see.

  2. DropBear
    Holmes

    Regarding that string...

    ...I trust y'all have noticed that read backwards, it reads "edit by 04882 joel backdoor", yes? Okay then.

  3. Mystic Megabyte
    FAIL

    Edimax

    I've mentioned it before but it's worth repeating that my Edimax router came with Telnet and FTP ports open by default.. Luckily I had created a long pass phrase but you have to enable SPI to close the ports.

    1. Anonymous Coward
      Anonymous Coward

      Re: Edimax

      "I've mentioned it before but it's worth repeating..."

      Oh sorry - I must have missed that post - thanks for letting me know. Silly me for not reading and remembering all your posts!

  4. Parax

    Who Else?

    So who has control of a zombie army of BT home hubs?

    I've been asking the router question for years, seems I'm now getting answers..

  5. Arachnoid

    Press to connect

    Well since the BT device is supplied with the ever so friendly press to connect button which has been shown to be a digger size security hole all in itself, you should be fine getting a wifi connection.

  6. John H Woods Silver badge

    Sale of Goods Act ...

    ... although these things are normally litigated in the US, does anyone have any insight into whether the existence of a deliberately introduced massive security flaw (into a device whose function is partly to implement security between the WAN and the LAN) could count as the goods being unfit for purpose in the UK? Any law students fancy a go at a UK test case?

  7. tempemeaty

    Perhaps all of them are compromised?

    At this point I'm beginning to wonder if all consumer routers by all brands have some kind of hidden back doors and/or serious security holes. Perhaps we are just at the beginning of that discovery and realization.

  8. Vimes

    http://www.pcworld.com/article/2054500/backdoor-found-in-dlink-router-firmware-code.html

    So this has been known about for three years?

    1. DropBear

      Erm, there's a "subtle" difference between "everybody / the relevant security circles knew about it" and "a couple of Russian hackers on an obscure forum knew about it"...

      1. Caesarius
        Thumb Up

        @DropBear

        I can't see that it was really known three years ago. Translating the last few lines of the Russian post gives:

        And there is an interesting line in the elf-binaries Web server:

        xmlset_roodkcableoj28840ybtide

        (Try reading it backwards)

        To sum up - friends, colleagues, tell me where to find the list of users / passwords?

        So it looks as though he had not followed up the lead, at least not publicly ;-)

    2. Destroy All Monsters Silver badge

      A web search turned up the suspicious user agent string in a post on a Russian forum three years ago, Heffner wrote, which means somebody has known about it for a while.

      All your D-Link base are belong to us.

  9. Anonymous Coward
    Anonymous Coward

    What's the BT backdoor? Link me up so I can test it in my network.

    1. Black Rat

      Post your IP address, somebody will contact you.. :}

      1. Vic
        Joke

        > Post your IP address, somebody will contact you

        OK - it's 127.0.0.1.

        Thanks for your help!

        Vic.

  10. Hans 1

    How long does it take to crack the wifi passcode ? Thought so - device 0wned even if you disable WAN admin access ... you keep the Asian script kiddies out, not your neighbour ... ;-)

    1. Charles 9

      Given that most of these devices DO support WPA2, which supports AES as well as TKIP. These have not been compromised and most of the talk about WPA2-PSK cracking has been in the same old problems: weak passwords. As for the WPS button, which IS handy so I don't have to carry wound my standard-limit WPA key around, especially to devices where entering the key is difficult, I just make sure to use it carefully so that the device is most likely to be seen first, and I check my client tables afterwards in case of intruders.

  11. Fihart

    Older D-Links had a flaw.

    Accidentally breached a neighbour's WPA protected router. I was using Netgear wireless adapter's interface and clicked on the neighbour's SSID and suddenly was in. Backtracked and discovered that if I flipped the Netgear interface between WPA and no security the neighbour's router was accessible. I could, if I wanted, use their internet and change settings in their D-Link (as it turned out to be) router.

    This was a couple of years ago and the ISP has stopped issuing that D-Link model.

  12. Irongut

    “At this point, there's no defence against the backdoor, so users are advised to disable WAN-port access to the administrative interfaces of affected products.”

    WAN access to the admin interface should always be disabled in all routers everywhere.

    There is no valid reason for having it enabled.

    1. Charles 9

      Many have noted that it IS disabled by default on most of the routers. I know it was disabled on my DIR-615 (since replaced with a new dual-band ac router).

  13. Arachnoid

    As for the WPS button

    Hmmm the article I recall stated you could log on to the wifi regardless of if the key was pressed as the software in question scans for a relevant key for the system.

  14. The FunkeyGibbon
    Terminator

    SHODAN

    "Welcome to my world, insect."

  15. Mad Chaz

    Not really surprised. If at least d-link followed wifi standard properly, it would be a huge improvement. The number of dlink routers I've seen that "work fine on the old laptop", but for some reason the latest shiny laptop or tablet they got just can't connect to it would be funny if it wasn't so sad.
