News - Easy to exploit backdoor found in several D-Link router models

[Saracen]

Firstly, respect for your airgap. I just couldn't do that, I simply keep that stuff in paper form in filing cabinets. Moving on...


Even not seeking a back door, some companies seem to introduce them.

The previous router I used at home opened an SSH port for admin use. Nice. Now this just gets you some simple proprietary admin commands in a captive command line interface, so I'm sure someone thought it was secure. First command I typed was "ps". Thinking it looked rather linux like, the next command I typed was "px ;/bin/sh" and lo and behold I have a root command line and total access to the internals of the router. I sure hope that is usually disabled on the WAN port, though in my case it was overridden anyway.

It's sad when you have to harden these devices yourself, but sadly that's the world we live in, despite the development processes existing to very much reduce the risk of these things happening.

My old router had an (IIRC) telnet port that bypassed all login checks and gave full admin access, including to password change routines. Damn good job, too, when I lost the note I'd written the login password on, and then forgotten it.

BUT .... it was only accessible via a direct cable connection on an RS232 port on the modem, and I had to solder up a custom cable, even then, because none of my 'standard' ones were wired right for it. Not that anything much was 'standard' on some of those RS232 cables. Now THAT is a half-decent (security wise) precaution .... you can override any an all settings, but only if, first, you know how, and second, have physical access to the router.


What still makes me nervous about this DLink story is what else might other makes have buried in their firmware and, so far, hidden from view?

[DanceswithUnix]

What still makes me nervous about this DLink story is what else might other makes have buried in their firmware and, so far, hidden from view?

Oh I expect all of them have faults, including the open source guys, hopefully not as stupid and obvious as this.

Hence if you care you should run *two* firewalls, and they must be different so whatever vulnerability gets through the first one doesn't help with the second.

[directhex]

But more worryingly, if Dlink have such a security breach in their firmware, then either it was deliberate and authorised, or control over code is pretty poor, and that is inexcusable in a product like this.

Embedded systems people are utterly utterly utterly utterly utterly utterly utterly utterly utterly utterly utterly utterly utterly utterly incompetent.

This will be low-bid-contractor idiocy, not malice.

Someone was implementing a means for OEM-rebranded routers to be remotely updated (e.g. Sky and BT routers receive firmware updates remotely), and did it in the worst way possible.