Slashdot Mirror

← Back to Stories (view on slashdot.org)

Belkin Routers Route Users to Censorware Ad

Posted by jamie on from the happy-birthday-megan dept.

The Register has a story today about Belkin routers redirecting their users' network traffic. To me, this seems like the logical next step after top-level domain name servers piping ads to your browser. Now the routers themselves hijack the traffic they are supposed to, uh, route -- and you'll love where they send you instead. But it's OK because you can opt out. Incidentally, the Crystal Ball Award goes to Seth Finkelstein, who in 2001 quoted John Gilmore's famous aphorism about the internet, and asked "What if censorship is in the router?"

12 of 805 comments (clear)

  1. That is insanity by tekiegreg · · Score: 5, Interesting

    Ok if I buy say a Book from my favorite online bookstore and get it shipped UPS, I'd expect it to arrive as a book right?

    But what if every one in 100 times, UPS thinks I might like a corporate logo bumper sticker instead of my book, they throw my book into the eternal void, and give me a UPS bumper sticker instead. I'm supposed to like this?

    Bottom line: When I ask a package to get delivered, and for a certain package to be received, I WANT that package, not what they think I want. Whether it's a TCP/IP packet, or a book. I fail to see the difference here.

    Bottom line, thanks to Slashdot I'm not buying my routers from Belkin (not that I'm a telecom person, but still I'd be careful if I ever had to).

    --
    ...in bed
  2. great quote by mrpuffypants · · Score: 4, Interesting

    In response criticism, a Belkin product manager came forward this week to confirm the behaviour was designed into the products as a way to make it easier for consumers to sign up to a free trial of its parental control software.

    Also in the news: the American council for airbags has been hitting people randomly in the streets to make it easier to appreciate their products. Thanks!

    Seriously, though, I don't 'get' how a company could think this would endear themselves to their customers. If Cisco pulled this shit on its customers and made all their routers randomly direct to their brand-new VPN product I think it'd make people stop using Cisco FAST

  3. Redirect hardcoded? by nizo · · Score: 5, Interesting

    Is the address it redirects to hardcoded, or can the router get hacked and a new address put in? Now that would be good PR for Belkin, someone hacks the router and redirects all web traffic to some porn site.

    --
    I Am My Own Worst Enemy
    1. Re:Redirect hardcoded? by mikeswi · · Score: 4, Interesting

      Totally theoretical, yet based on a hundred browser hijackers we've discovered at my site.

      1.) Send a spam mailing which loads a java applet when opened.

      2.) The java applet exploits the ByteVerify hole in an older version of M$ Java VM to drop a bad HOSTS file on the now-infected machine.

      3.) Belkin router hijacks an HTTP request to their site, but the HOSTS file redirects that hijack to the second hijacker's site.

      4.) The new hijacker's site can either be a pay-per-click search portal, or it can host more trojans to exploit a machine already proven to be out of date on its security patches.

      This is not an extreme example at all and could be done very easily. I see this shit every day at my site's support forums.

      When Verisign hijacked all mis-typed domain name queries, we started seeing a large number of trojans dropping bad HOSTS files that redirected sitfinder.verisign.com to their own sites.

      --
      Only on /.
  4. There's a class-action suit brewing, I'll bet by McSpew · · Score: 4, Interesting

    I agree that if I'd bought one of those things and it started redirecting my traffic, I'd consider it defective and demand my money back. Belkin's really moronic to think that this won't backfire on them and result in an expensive class-action lawsuit. Maybe they can defuse a lawsuit by offering refunds to anyone who's upset at the feature, but I'm guessing they're too sold on their own flawed logic to understand that what they did is not going to be seen as anything other than making the product do something its owners didn't ask it to do, and that Belkin didn't tell them it would do.

    I can smell the class-action attorneys lining up now.

  5. Meanwhile In Court... by Anonymous Coward · · Score: 5, Interesting

    "So Mr. Stevens, you are saying that you ordered an Extra Value Meal, and the cashier instead hauled off and punched you in the face."

    "That's right."

    "And so you are charging the cashier with assault."

    "That's right."

    "All right. Mr. Defense lawyer, what do you have to say to that?"

    "Mr. Stevens: Did you specifically ask my client NOT to punch you in the face?"

    "Huh?"

    "What did you tell him exactly?"

    "Um.. I told him, I would like a number three meal and a Dr. Pepper."

    "I see, and that was all?"

    "Um, yes."

    "Not that you wanted a number three meal, a Dr. Pepper, and to not be punched in the face?"

    "Uh.. no, just the #3 and the Dr. Pepper."

    "Your honor. How can my client be expected to be held responsible for this when Mr. Stevens was unclear about what he wanted? Had he configured his order correctly, my client would not have punched him in the face. So why is my client the one to blame? What do think Mr. Stevens expected to have happened?"

    "Hmm, excellent point. Case dismissed."

  6. I suggest a new verb: by scrytch · · Score: 5, Interesting

    Belkin (verb) - To serreptitiously alter a product in such a fashion that legitimate use is hijacked to the benefit of the manufacturer or associated beneficiaries, usually in a crass self-promoting fashion.

    It's a decent start at a definition. One could say "I installed this topdesk thing which totally belkined my browser". Let's make their name synonymous with bad behavior.

    --
    I've finally had it: until slashdot gets article moderation, I am not coming back.
  7. Re:Some other ideas... by Rex+Code · · Score: 5, Interesting

    What's next? Will the phone you buy occasionaly redirect your call to a telemarketer? Will your TV remote automatically switch channels to an infomercial?

    My TV does change channels automatically to infomercials. I have a TiVo, and one of the "features" is that at the top level menu you'll often see ads that you can choose to watch. The TiVo grabs these late at night when it thinks nobody watches TV... unfortunately if you watch live TV around 1 or 2 in the morning you'll find yourself having to opt-out of a channel change to record "TiVo enhanced content" every ten minutes or so.

    (annoying, and I wish there was a way to opt-out of this once and for all, but I'm still a big TiVo fan, and they gotta make money to stay afloat, so I put up with it)

  8. Re:Here's the angle I would take... by Rick+the+Red · · Score: 4, Interesting
    When I needed an access point, I bought a D-Link router because it was on sale (which was a mistake, because as an access point the D-Link router sucks). Fortunately for me, the Belkin wasn't on sale or I might have been stuck with one of these idiot boxes.

    I just ordered a new laptop and I'll need a new Wi-Fi card for it. Guess what brand I'm not going to pick? Unfortunately, between Linksys violating the GPL and Belkin hijacking URLs, D-Link is about the only remaining choice. Unfortunate not becuase there's anything wrong with D-Link, but because choice is good.

    --
    If all this should have a reason, we would be the last to know.
  9. Re:You may wonder how this happened: A Story. by decaf_dude · · Score: 5, Interesting

    Here's my e-mail to sales@belkin.com
    QUOTE
    Hi,

    I just want to let you know that I'm suspending purchase of several
    accessories made by Belkin for my 30G iPod because of your blatant abuse of
    customer trust (the router rerouter fiasco). Furthermore, I shall engage in
    an active campaign among friends and family to make sure none of them buy your
    products for the same reason. Being a geek by profession, a lot of my
    non-tech friends take my advice for tech purchases. Since you've been
    featured on /. already, you can be sure there are many others who'll take
    similar course of action.

    I sincerely hope your bottom line will suffer enough for you to make an
    official pledge never to ream your customers again. Or that you go bankrupt
    (financially, because morally you obviously already have).

    I feel betrayed, having recommended your products (even when priced above
    competition) for corporate and personal purchase so many times in the past,
    because of build quality I can count on. However, build quality is not
    enough; integrity and ethics are just as (if not more) important, especially
    at times of Good Enough Syndrome.

    Is this (http://slashdot.org/comments.pl?sid=85076&cid=741 9620) what really
    happened?
    ENDQUOTE

  10. Here's my letter to their PR rep by CrystalFalcon · · Score: 5, Interesting

    Good afternoon.

    My name is [name deleted], and I work as IT department manager for a medium sized company in [place deleted]. I write to you in light of the recent unveiling that Belkin are knowingly shipping routers that show commercials to the end users by hijacking HTTP connections.

    I am not sure if the product manager, Eric Deming, who designed the product to not work as expected did so understanding the full consequences if - or, rather, when - this information would become public. The one reason Belkin's name has been held in high regard at the company I work for is because of dependability. When it turns out that Belkin is actively designing products to not work dependably, but instead display advertising at the user; that reputation of dependability... well... there's not much left of it. And, as you are aware, for every one of Belkin's products, there is a competing product.

    It becomes much worse. It also turns out that Belkin has the ability to remotely modify the behavior of these routers. When I showed this fact to our network security people, they went ballistic and drove straight off to the local equipment store, only to come back two hours later with a bunch of boxes. 30 minutes later, there was a heap of discarded equipment in a disorderly pile in one corner of the networking room. The discarded items all carried the name "Belkin". I signed the receipt for the new equipment with a look, a sigh, and a nod.

    To top it off, it seems that your Mr. Deming who designed this behavior believes that every outbound hijackable connection originates from somebody sitting at a computer and browsing the web. However, more important are the automated connections. What would happen if the backup for our commercial data, which is transmitted regularly over the Internet, instead was pushed to Belkin, due to this behavior? What would happen if virus or operating system upgrade connections were the ones hijacked? Heart defibrillating equipment has been mentioned - what would happen if the heart defibrillation monitor, trying to trigger the impulse with the charging equipment, is instead redirected to a Belkin advertisement? You know, telesurgery exists and does depend on a reliable Internet infrastructure, consisting of such boxes as yours.

    This product has been designed to not work, despite charging good money for it. I lack words to describe how shameful this behavior is.

    Additionally, if the Belkin corporate culture is one that allows such a technical atrocity to make it to the shelves for one product, then it is obvious it may happen again, or has already happened, for other products. However, rest assured that this company will never again buy another Belkin product as long as I run the IT department.

    [signature]

  11. Re:Here's the angle I would take... by Anonymous Coward · · Score: 5, Interesting

    The same Netgear that hard-coded some unfortunate NTP server in their firmware, causing tons of grief for a university? These guys are faced with either throwing away a network segment, or adding tons of unicast-type hacks to try to service all of the traffic.