23rd April 2014, 08:47 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 153,541
Router makers hide backdoor

Router makers including Netgear, Cisco and Diamond have decided that rather than fixing a backdoor to their products it is better that they just plant a tree over the entrance and hope no one sees it.

Over Christmas Eloi Vanderbeken of Synacktiv Digital Security discovered a backdoor in 24 models of wireless DSL routers. The problem was patched, but now Vanderbeken has found that the patch doesn't actually get rid of the backdoor—it just conceals it.

He told Ars Technica that the fix suggests that the backdoor, which is part of the firmware for wireless DSL routers based on technology from the Taiwanese manufacturer Sercomm, was intentional. The backdoor exists in other systems based on the same Sercomm modem, including home routers from Netgear, Cisco and Diamond.

Vanderbeken said that the "fixed" code concealed the same communications port he had originally found (port 32764) until a remote user sent a specially crafted network packet that reactivates the backdoor interface. He said that the knock packet was the same used by "an old Sercomm update tool." The packet's payload, in the version of the backdoor discovered by Vanderbeken in the firmware posted by Netgear, is an MD5 hash of the router's model number (DGN1000).

His theory is that the nature of the change, which uses the same code as was used in the old firmware to provide administrative access over the concealed port, suggests that the backdoor is an intentional feature of the firmware and not just a mistake made in coding.

Vanderbeken said that the hack would need to be sent from within the local wireless LAN, or from the Internet service provider's equipment. They could be sent out from an ISP as a broadcast, essentially re-opening the backdoor on any customer's router that had been patched.

Once the backdoor is switched back on, it listens for TCP/IP traffic just as the original firmware did, giving "root shell" access—allowing anyone to send commands to the router, including getting a "dump" of its entire configuration.

http://news.techeye.net/business/rou...-hide-backdoor
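A defender's view of the behaviour described in the post, as an added example that is not part of the original post or article: the script reads packet-log lines and alerts when the router starts answering on TCP port 32764, in particular after it had previously refused connections there. The log format, the 192.168.1.x addresses and the function names are assumptions made for illustration.

```python
import re

BACKDOOR_PORT = 32764  # TCP port named in the article

# Constructed sample (assumption): iptables-LOG-style lines from a LAN tap.
# 192.168.1.1 stands in for the router; the other hosts are LAN clients.
SAMPLE_LOG = """\
Apr 23 08:01:10 tap kernel: IN=br0 SRC=192.168.1.23 DST=192.168.1.1 PROTO=TCP SPT=51514 DPT=32764 SYN
Apr 23 08:01:10 tap kernel: IN=br0 SRC=192.168.1.1 DST=192.168.1.23 PROTO=TCP SPT=32764 DPT=51514 ACK RST
Apr 23 08:05:42 tap kernel: IN=br0 SRC=192.168.1.1 DST=192.168.1.23 PROTO=TCP SPT=80 DPT=51620 ACK SYN
Apr 23 09:30:02 tap kernel: IN=br0 SRC=192.168.1.40 DST=192.168.1.1 PROTO=TCP SPT=40022 DPT=32764 SYN
Apr 23 09:30:02 tap kernel: IN=br0 SRC=192.168.1.1 DST=192.168.1.40 PROTO=TCP SPT=32764 DPT=40022 ACK SYN
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s.*?SRC=(?P<src>\S+)\sDST=(?P<dst>\S+)\s"
    r"PROTO=TCP\sSPT=(?P<spt>\d+)\sDPT=(?P<dpt>\d+)\s(?P<flags>[A-Z ]+)$"
)

def port_state_events(log_text, router_ip, port=BACKDOOR_PORT):
    """Return (timestamp, state, peer) for every reply the router sent from `port`."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["src"] != router_ip or int(m["spt"]) != port:
            continue
        flags = set(m["flags"].split())
        if {"SYN", "ACK"} <= flags:      # handshake accepted: something is listening
            events.append((m["ts"], "open", m["dst"]))
        elif "RST" in flags:             # connection refused: port looks closed
            events.append((m["ts"], "closed", m["dst"]))
    return events

def reactivations(events):
    """Alert when the port answers; 'reopened' marks a closed -> open change."""
    alerts, last = [], None
    for ts, state, peer in events:
        if state == "open" and last != "open":
            kind = "reopened" if last == "closed" else "listening"
            alerts.append((ts, peer, kind))
        last = state
    return alerts

if __name__ == "__main__":
    for ts, peer, kind in reactivations(port_state_events(SAMPLE_LOG, "192.168.1.1")):
        print(f"{ts} ALERT tcp/{BACKDOOR_PORT} {kind}: router answered {peer}")
```

A "reopened" alert on a router running the patched firmware matches the concealment the article describes; a "listening" alert with no earlier refusal means the port was already answering when logging began.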