Were it an American manufacturer the backdoor would be better concealed
Security researchers say they have discovered a hidden backdoor in wireless routers from Chinese hardware manufacturer Tenda. Craig Heffner, the same researcher who uncovered a backdoor in routers from D-link, found the latest problem. He uncovered the functionality, which ships with Tenda's products, after unpacking firmware …
@ElReg!comments!Pierre: "More like a relatively minor vuln"
How do you accidentally insert the string 'w302r_mfg' into the source code
"Attackers could take over the router and execute commands by sending a UDP packet with a special string .. They all use the same 'w302r_mfg' magic packet string,"
> How do you accidentally insert the string 'w302r_mfg' into the source code
Oh, you don't.
Occam's shaving implement suggests "you" codes a workaround for internal dev work and "you" forgets to remove it from the dev branch before it's rolled out by "you" 's marketing dept.
The facts (only accessible from the local network, requires WPS with unmitigated access) make it a blunder rather than a backdoor.
Little known fact: "WPS" actually stands for "hassle-free connection for those who don't care too much about security". True story.
Nope, it was on purpose, to implement an attack on the west in the future.
Would a programmer use the string "w302r_mfg" or something that didn't involve using the Shift key to type, like his dog's name.
Also, "manufacturing" is an English word. They used that string for plausible deniability. I think that's why the backdoor only works from inside the LAN. Outside would be way suspicious and my guess is that they can already break into millions of home LANs through the user PCs. Another column said that the red chinee have stacked up dozens of vulnerabilities.
Faye Kane ♀ girl brain
Sexiest astrophysicist you'll ever see naked
> It merits noting that there was a Cisco vulnerability not long back
Sure. To be honest I don't care much about specific vendors, and especially not about Cisco (one of their router models I had to deploy gave me no end of trouble a few years back). This particular story still strikes me as the typical firmware dev blunder, as happens all the time with closed-source, rushed projects. There is simply not enough peer validation in the closed-source system. See asdf's very apt comments in this very thread.
In this regard, this is a relatively minor vuln, certainly nothing worth getting paranoid "government-mandated backdoor"-style.
Most router manufacturers (eventually), in the wake of Reaver WPS brute-force attacks, have actually implemented rate limiting of some form (some implementations are better than others).
The best option in any router that has WPS is the option to turn it off... assuming it does. If I remember correctly, D-Links at one point (since fixed) didn't actually turn it off.
Thankfully I've only ever had one Tenda router and it still sits in a box (as it was never used, thankfully).
Sadly most people install direct-purchase routers and forget about them, and many routers don't auto-update firmware. In a way it's good that ISP-supplied routers do get pushed updates in most cases (that being normally the only good thing about having an ISP-supplied router).
These days I don't install anything that's not WRT-based between the main network and the outside world. Manufacturers orphan devices, are slow in releasing firmware fixes (if they do at all) and, as this shows, many hide a way back in.
Just search for a manufacturer:
My understanding of the article was that the router is entirely safe from attack from the Web, but if something is installed on the local area network then it can be backdoored?
So someone would have to hack into your computer through any firewalls etc, before they can turn around and attack your router. Am I missing the threat here? If they can already hack into your computer, getting access to the router seems trivial...
Not quite, it's open to the WLAN as well, which means someone, in theory, can brute force your wireless and redirect stuff, for example, changing your DNS settings.
I'd rate it a low to medium risk as you need to actually be somewhere near the kit and have time to do it, without attracting attention to yourself.
Whether they want it to or not.
The word will get round if your kit is s**t.
And while I'll note it's on the internal side rather than the external side, it is wireless, so not quite as "internal" as I'd like for a start.
I like my privacy so I disable wireless access to the router by default. But that's not always an option.
Thumbs up for finding it. The mfg can have a thumbs down for putting it there in the first place.
"The word will get round if your kit is s**t."
Unfortunately it'll only get round tech circles.
The cheap kit will still be available, and bought by the most vulnerable (shoppers at PC World).
The more tech savvy would have rendered themselves immediately immune by turning off WPS as a matter of course.
Unfortunately it'll only get round tech circles.
It does provide a wonderful set of opportunities where a minimum of technical skill, a penchant for shady activities and a bit of legal nous all come together.
Oh noes officer, my router has been backdoored. Literally anyone could have downloaded all this kiddy porn, unlicensed media, bomb making instructions, list of stolen credit card numbers or whatever else it was you were going to prosecute me for.
> Source code for the GoAhead web server used in Tenda products has been made available on GitHub.
I'm not claiming that statement isn't true (a lot of embedded products use GoAhead web server code). What I don't see is what it has to do with the rest of the story. Was the backdoor inserted in the GoAhead code? Was that back door present in the source code on GitHub?
Is everyone really this naive? It's a software vulnerability, better known as a cock up. Are you so conditioned by the media? MS used to have more holes than Swiss cheese... Was that a conspiracy? NO! Not until the US are eventually caught red handed anyway. Try to stop watching the news and reading newspapers, then you can form your own opinions and begin to leave the collective. GEEZ!
While it's admirable that you seek out news from sources outside the mainstream, you may also find it valuable to include sources that include different points of view (the internet makes it far too easy to ignore opposition viewpoints since it's trivial to find a community that mirrors your own opinions).
Yet more reason to ditch the stock firmware, at least for home routers (and if a router doesn't have open source alternative firmware support, don't buy it). OpenWrt, Gargoyle, Tomato, DD-WRT are all better 95% of the time anyway. The only exception is that, due to some closed source drivers, in some cases the stock firmware may have longer wireless range and better wireless throughput, but then again the internet is usually your bottleneck.