Belkin Routers Route Users to Censorware Ad

The Register has a story today about Belkin routers redirecting their users' network traffic. To me, this seems like the logical next step after top-level domain name servers piping ads to your browser. Now the routers themselves hijack the traffic they are supposed to, uh, route -- and you'll love where they send you instead. But it's OK because you can opt out. Incidentally, the Crystal Ball Award goes to Seth Finkelstein, who in 2001 quoted John Gilmore's famous aphorism about the internet, and asked "What if censorship is in the router?"

Usenet thread

[turg]

Here's the usenet thread where this was first discussed. Especially noteable are the initial discovery, the response from Belkin and the first response to Belkin. After that it it's pretty much the same thing you can expect to see here on /.

Re:Usenet thread

From: ericd@belkin.com (Eric Deming)
Newsgroups: news.admin.net-abuse.email
Subject: Re: [OT-evil marketing] Belkin does Verislime one better - router spam!
Date: 5 Nov 2003 15:25:28 -0800
Organization: http://groups.google.com
Lines: 70
Message-ID:
References:
NNTP-Posting-Host: 67.98.73.254
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1068074728 22743 127.0.0.1 (5 Nov 2003 23:25:28 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: Wed, 5 Nov 2003 23:25:28 +0000 (UTC)

"JerryMouse" wrote in message news:...
> Mr. Uh Clem wrote:
>
> [...]
>
> What does Belkin say when you complain?
>
> I'd make their life miserable until they removed the offending software from
> my machine.
>
> You did not conset to this aspect of your machine's modification - this is
> nothing less than malicious.
>
> Raise hell.

I was made aware of this posting by an e-mail that was sent to
Belkin's tech support e-mail box. Since I am a product manager for
Belkin's LAN products and was very involved with the development of
the Parental Control feature, I feel that I can shed some light on
this subject. Firstly, without trying to sound too stand-offish, we
are not talking about SPAM here. For me to clarify, an understanding
of the Parental Control service will really be needed.

Since Parental Control is a subscription service, Belkin wanted to
make registering for the service very easy. Since the router actually
will work in tandem with an outside server (Cerberian,
www.cerberian.com) registration information needs to be collected and
sent to Belkin and Cerberian to activate an account. Traditional
methods of registration, such as asking the user to go to a website or
navigate to the Router's internal Web page to enter information didn't
meet the ease-of-use goal. We elected to re-direct one http request to
the "Register Now" reminder page. (There is a link in a previous
posting if you want to see it) This page asks the user to register for
the service for a free 6 month trial. Now, granted this looks like an
ad. It should, it is intended to be informative and easy enough to
understand. At this point, the user can register or click "No Thanks".
Clicking "No Thanks" sets a flag in the Router to stop the Router from
re-directing every 8 hours to the reminder page. (Again remember, only
one http request every 8 hours). Admittedly, there is no controlling
which computer on the LAN this message will pop up on. If the user
just closes the window without clicking "No Thanks", then the flag is
never set, and the reminders will continue. Now, if you are the type
that doesn't want to click the "No Thanks" button, then no problem.
Navigate to the Router's internal web interface (default IP =
192.168.2.1), click on the Parental Control menu. In the Menu, select
"Don't Remind every 8 hours" (This phrase actually varies a bit, but
you get the idea) then click "Apply Changes". DONE. Nothing to it. By
the way, this procedure might have to be done if your router is behind
a firewall. Reason: filter.belkin.com sends a response to the Router
to set the flag. Firewalls will block the response. This might explain
the problem in a school for instance.

We did this not to be evil, we did this to make sure that any
non-techy person (part of our target audience) would have ample
opportunity to opt in or out of the free 6 month trial of the Parental
Control feature. The Router doesn't collect information on you and
send it to Belkin. We don't have the ability to SPAM you at a later
time if you select "No Thanks" or turn off the Reminder manually. I
know this feature might be misunderstood and might PO some people. I
know the manual could do a better job explaining it. These are all
things that we at Belkin are working to remedy.

Re:Usenet thread

[Cramer]

Quoth Belkin:

• This was by popular demand.

Bullshit. I'm certain no one has ever asked for their router to randomly redirect an http session for a "Parental Controls" feature. What people wanted was the PC feature, not a router that interferes with network traffic.

Now, if it were the default behaviour following the firmware update to redirect *ALL* http sessions until the feature is configured (yes/no/demo), then this would be acceptable. Stealing one connection seamingly at random is broken behavior for any network device.

Rest assured, I will not be buying Belkin shit. (Not even cables.) [Not that I have been, anyway.]

use a real router

[donnyspi]

Take an old Pentium I and put Smoothwall on it. No more Belkin and Netgear routers you get for $50 at Circuty City.

Re:Here's the angle I would take...

ericd@belkin.com

You're welcome. :)

Re:Some other ideas...

[SmackCrackandPot]

Will your TV remote automatically switch channels to an infomercial?

Not my TV, but my cable TV set top box does. Telewest (UK) just upgraded their menu systems. Now, whenever I select the [GameZone] menu option, whichever cable channel I listen to (even the BBC World News radio) is automatically switched over to the FrontRow trailer preview - No negotiation. As soon as I leave the GameZone, the channel is automatically switched back to whatever channel was playing when I started, even if the FrontRow channel is now playing a trailer I want to see.

It's good to see that cable TV system developers really know how to design good user interface.

Re:Exactly

[wo1verin3]

>> Boy did they blow this one. If they had stuck
>> to something simple like your very first HTTP
>> transaction brought up a configuration/advert
>> screen only once, then there wouldn't even be
>> a story.

Actually this is pretty much what happens. Here is a snippet from usenet.

We elected to re-direct one http request to
the "Register Now" reminder page. (There is a link in a previous
posting if you want to see it) This page asks the user to register for
the service for a free 6 month trial. Now, granted this looks like an
ad. It should, it is intended to be informative and easy enough to
understand. At this point, the user can register or click "No Thanks".
Clicking "No Thanks" sets a flag in the Router to stop the Router from
re-directing every 8 hours to the reminder page.

In summary, you have to click 'no thanks' ONCE and you'll never see the thing again unless you do a hard reset of the router.

Re:so..

[orthogonal]

I have one of these gems and it redirects the three PCs going through it about once every two weeks. Incidentally, I have clicked the opt out href probably 5 times and each time it gives me an error message saying my request did not go through then I keep getting the redirects.

I was incensed enough about this that I read all the usenet posts in NANAE about it.

In the post by the Belkin employee he notes that clicking the opt out link won't wotk if you're behind a firewall, because the response won't get through your firewall and back to the router. To turn this off, you'll have to go to the local http page hosted by the router, and opt out there. (And I'm not sure even that would work for me; my firewall is set to block localhost (127.0.0.1) to localhsot connections too, unless I've explcitly allowed them for specific applications.)

Also, the Belkin employee proudly states that the hijacking occurs once every eight hours, so if you're only seeing it every two weeks, it may mean that applications other than your browser that make requests to port 80 (http downloaders such as emusic's, rss readers, various applications auto-updating or calling wget, perl scripts, python scripts -- all of these things on my system might make http requests) may be failing silently.

If you see one hijack in your browser every two weeks, that means there are 41 (3 * 14 - 1) http requests in those two weeks being hijacked that are not browser traffic. Given that silent failure, who knows what's been lost, corrupted, or delayed on your computers.

Naturally, I'll never purchase a Belkin product again, unless Belkin certifies that whoever thought this up, and whoever approved it, have been fired.

Selling me a product, claiming it does something, and then making it intentionally fail, in order to sell me another product? Then you'll never sell me anything again.

Re:Here's the angle I would take...

[rjamestaylor]

Try their public relations manager (fitting, since this is a public relations nightmare). Be nice.

Contact:
Melody Chalaban,
Public Relations Manager
Belkin Components
501 W. Walnut Street
Compton, CA 90220

melodych@belkin.com
(310) 604-2347 direct
(310) 898-1107 fax
www.belkin.com

We're all part of the public, aren't we?

[orthogonal]

We're all part of the public, aren't we?

Contact:
Melody Chalaban,
Public Relations Manager
Belkin Components
501 W. Walnut Street
Compton, CA 90220
melodych@belkin.com
(310) 604-2347 direct
(310) 898-1107 fax
www.belkin.com

(this is (unless you get redirected by your router) publicly available information at www.belkin.com)

Re:Here's the angle I would take...

[ChangeOnInstall]

Get a Lucent Orinoco card. At least in the 802.11b days, they were *by far* the best, and they work great with Linux (if that's a concern for you).

Re:Here's the angle I would take...

[damiangerous]

Once that came to light Netgear themselves provided enough networking hardware to handle the traffic load and techs to support it free of charge to the university.

Re:Here's my letter to their PR rep

[0x0d0a]

Actually, this isn't a great idea anyway, but there are all *kinds* of things that have soft real time requirements on IP networks (granted, probably shouldn't be, but are).

Actually, I can think of a couple of reasons this is still an issue. What if it isn't on the Internet...does the connection just get dropped?

Does this device send out DNS queries to determine where to redirect stuff to?

What happens if you have a test suite for a web-based application and IT just added a Belkin piece-of-junk router? Bam, mysterious failures. You could spend a week trying to figure out what the sporadic errors you're getting are from.

What if you're using SOAP or similar software, and the software you're using doesn't deal well with mysterious crap coming back from the server?

Belkin is a piss-poor company that sells lousy hardware and overpriced cables.

They aren't on my "buy" list anymore, either (and I *have* purchased Belkin products in the past).

New reply from Eric Deming

[FearUncertaintyDoubt]

Just got this from Eric Deming. Funny, he's working late tonight!

From: Eric Deming [mailto:EricD@belkin.com]
Sent: Friday, November 07, 2003 10:05 PM
Subject: RE: defective router

Please be advised, we are working on this issue. Here is text from our latest posting to NANAE on google. It just went up, so it may not show up for a while.

All,

We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We unintentionally overlooked the effect this feature would have. We never intended to compromise the trust of our customers, and we never intend to do so in the future.

We are taking responsibility for this, and we will be offering firmware fixes early next week. We do not have exact details yet as we are still working on them, and will continue to work on them over the weekend. What we can tell you now is that each Router's firmware that incorporates Parental Control as an option will be changed.

I'll keep posting as things develop. Stay tuned...

Re:I doubt it

[devilspgd]

Take a Linksys BEFSR11/41 running 1.44.2z, Dec 13 2002, with a completely default configuration, the following URL should enable a DMZ on 192.168.0.100 all without opening up a dialog the user sees.

Next drop URLs into an almost-invisibly small FRAMEs, and have the main frame show one of those annoying "Site loading" things with a 5 second redirect to the next page of the site, target _TOP

http://admin:admin@192.168.0.1/Gozila.cgi?exIP3=10 0

(No, there shouldn't be a space between 10 0, it should be 100 -- slashdot doesn't love me)

When the browser hits the "next page", it will trigger some classic windows exploits (for education purposes only, of course)

You could turn off ZoneAlarm and PC-Cillin too if you wanted.

http://admin:admin@192.168.0.1/Gozila.cgi?Security _Key1=&Security_Status=0&Security_Enforce=1&Securi ty_Antivirus=0&Security_Exempt=0&Security_Ex_Addr_ F4=0&Security_Ex_Addr_T4=0&block_traffic=0