back to article Belkin's N150 router is perfect for learning hacking skills – wait, what, it's in production?

Belkin's home routers can be commandeered by hackers, thanks to a Telnet backdoor, a cross-site request forgery (CSRF) vulnerability and other bugs, we're told. Security researcher Rahul Pratap Singh warns that the Belkin N150's builtin web server, provided so users can configure their kit, doesn't perform enough checks on …

  1. channel extended

    Santa Claus

    If I give a friend a new Blekin router for X-mas. Am I a Santa Claus or Black Peter?

    1. Mark 85 Silver badge
      Joke

      Re: Santa Claus

      With a friend who would do that, who'd would need any enemies?

  2. DougS Silver badge

    Can telnet be disabled or the password changed?

    If so, I don't see why this is a problem. You have to leave a new router open for people to access it, or they can't do any configuration. They all start out wide open in the GUI, and make you change the password first thing. If the password for telnet isn't reset when you reset the GUI password that's a problem, because the typical home user would say "what's telnet?" if you told him about this.

    The biggest problem I have with this is using telnet instead of SSH. Not because unencrypted traffic on the local network in a product designed for home use is really an issue, but because telnet is outdated and you don't want to encourage anyone to use it even in cases where its insecurity isn't a problem.

    1. cyberfail

      Re: Can telnet be disabled or the password changed?

      psst.... It cannot be killed; the daemon repopulates itself

  3. LucreLout Silver badge

    Oi Belkin!!

    Thanks very much for regarding this matter with all the urgency I regard my next fart. I'm going to give you until Friday for you to have a fix produced, tested properly, and released, after which time this will be my last ever Belkin product.

    In the mean time I'll revert to using an ancient PoS router that nobody has heard of - security through obscurity seems my last line of defence, so, thanks for that you incompetent and lazy morons. Seriously, if your developers can't build software properly then you need better developers - and you'll not find those at your local outsourcer, or offshorian slaughter house in Pune.

    1. David Roberts
      Facepalm

      Re: Oi Belkin!!

      In fact, in future I'm only going to buy hardware which can be loaded with DD-WRT or similar.

      So, LL, why are you shouting at Belkin? Why did you buy a router which is dependant on the badge sticker for quality of software and timely security updates? Hopeless romantic? A moment's inattention? Drunk at the time?

      I do get mildly exasperated at posters who suggest that anyone contributing to this forum should have more sense than to........whatever....but still.......

      1. dc_m

        Re: Oi Belkin!!

        I can see both sides here.

        I'd be annoyed if a product I bought was absolute cr*p, but then that's why I wouldn't buy belkin in the first place. Their routers have never exactly been the last word in reliability!

      2. LucreLout Silver badge

        Re: Oi Belkin!!

        Why did you buy a router which is dependant on the badge sticker for quality of software and timely security updates? Hopeless romantic? A moment's inattention? Drunk at the time?

        Not drunk exactly, more just needed something to prove to my ISP/OpenReach that the intermittent fault was not in fact the router (it wasn't). Belkin was what my local shop had and I didn't have time to do any research, besides the sale of goods act suggests that anything sold in the local store should be fit for purpose, which this clear is not.

        Ok, that last bit does sound a bit hopeless romantic, but I really don't have time to build all my own hardware or reflash everything I own repeatedly. I'm not even wholly sure I possess all the requisite skills to sufficient standard (hardware). I accept that will lead to risks but what the article describes are not risks, they're issues of basic competency.

        I'd be ashamed to turn out such garbage as my professional output, and I'm "shouting at Belkin" because corporate silence is not the way to resolve this - humility, ownership, and effort are.

    2. Anonymous Coward
      Anonymous Coward

      Belkin is crap, and always has been

      "security through obscurity seems my last line of defence"

      Seeing as the more obscure routers are probably based on standard components and software, it's quite possible they're vulnerable anyway, at least to attacks that are automated and/or probe the vulnerabilities of products.

      Anyway, yeah, Belkin is crap and has been for a long time.

      Remember that many years ago they were an early and enthusiastic adopter of the now-widespread practice of spamming users (i.e. *buyers*) of their routers with unwanted advertisements.

      More recently, my boss had another of their routers, and while it had a very attractive and useful-looking LCD status panel on the front, it was a useless, unusable POS that was eventually returned. I can still remember one Amazon review which described it as being less stable than "a caffeine-snorting spider monkey".

      Personally, I bought an "SVGA" cable from them around five or six years ago, and it exhibited *very* obvious ringing at 1024x768/85Hz (pretty average at the time) which wasn't present when using the several-years-older cable that came with my KVM (ironically, also a Belkin). As I noted in my review "I'm not sure what resolutions and refresh rates this cable *is* suitable for use with. It sure as heck isn't anything that most people have used since the 1990s."

      Belkin's description now includes the final-line disclaimer that it "will only work on monitors smaller than 17 inches". (Mine was 17 inches and I bet the artifacts would still have been visible at 15). I doubt that market was worth specifically bothering with even circa 2010, sounds like a p**s-poor excuse to justify a cable that was so poor it couldn't even handle the most MOR of (then) present-day refresh rates you'd have expected from even a bog-standard no-name lead.

  4. dotdavid

    The only Belkin router I ever had used to hang every other day, requiring physical access to reboot it. Perhaps that was some kind of security feature.

    1. Captain Badmouth
      Devil

      Hang the router?

      There's an idea. The best use for a Belkin router, tie a piece of string to it and use it as a plumb line.

  5. Spasticus Autisticus
    Mushroom

    Nice wires

    Belkin make (made?) nice cables, every router or WiFi dongle I saw from them was dreadful compared to other brands. Haven't see a Belkin router for many years now, I thought they'd given up.....

    1. Anonymous Coward
      Anonymous Coward

      Re: Nice wires

      "Belkin make (made?) nice cables".

      Made. And that must have been a long time ago- see my comment above ("Belkin is crap, and always has been") about an alleged SVGA cable that clearly couldn't handle even standard resolutions circa 2010.

  6. MrRimmerSIR!
    Facepalm

    Tomato

    Best thing I did with my Bel-end router. That, and replace the main smoothing cap (which had started to bulge), put heatsinks on a couple of the chips and a small fan in a hole cut into the side of the case. Been rock solid ever since.

  7. VinceH

    "Belkin routers are like a barrel of fish for security researchers to shoot into, or rather a barrel of fish that Belkin has riddled with holes: its boxes have been vulnerable to DNS spoofing and Wi-Fi security cracking tricks in the past few months."

    Surely, Shirley, they've been vulnerable for longer? It's only in the last few months these vulnerabilities have become public knowledge.

  8. cyberfail

    Oh... It isn't just the N-150 that's affected. Loads of fun here:

    ethicalreporting.org/belkin-fail

    Full disclosures forthcoming

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019