Slashdot Mirror


NetGear Also Has Remote Access Wide Open

Glenn Fleishman writes "On the heels of Linksys's WRT54G problem of not allowing remote access to be disabled in certain cases and firmware, BugTraq published this report that NetGear's WG602 access point has a hidden password that provides remote and local administrative control. Unlike Linksys's, where turning the firewall on (which is on by default, but a researcher found new units in which it was off when taken out of the box), the NetGear hole cannot be disabled. The backdoor seems to have been created by the vendor that packaged the device for NetGear."

25 of 215 comments

  1. huh? by schroet · · Score: 4, Insightful

    you can turn off the external web interface on those things right? I guess that doesn't help if you're worried about crackers on your LAN but still, it may not be as bad as it sounds.

    Undocumented = bad though,

    1. Re:huh? by RidiculousPie · · Score: 4, Informative
      This vulnerability can be exploited by any person which is able to reach the webinterface of the device with a webbrowser.
      It would appear that if the webinterface is disabled, the device cannot be compromised.
      --
      ah, mod points ... now where is my crack?
  2. Don't you mean.. by Sadiq · · Score: 5, Funny

    "The backdoor seems to have been created by the vendor that used to package devices for NetGear"

    --
    SysWear - Geek T-shirts (UK/Europe)
  3. Fixed in new firmware, available here: by Anonymous Coward · · Score: 5, Informative

    http://kbserver.netgear.com/support_details.asp?dn ldID=735

    1. Re:Fixed in new firmware, available here: by I+confirm+I'm+not+a · · Score: 4, Funny

      Thanks, just downloaded and upgraded.

      (Off topic: was anyone else disappointed that the "super" login didn't make the web control panel reveal easter eggs? I mean, you just had to try it while you were upgrading, right?)

      --
      This is where the serious fun begins.
    2. Re:Fixed in new firmware, available here: by Chucky+B.+Bear · · Score: 5, Informative
      I've just upgraded to the latest firmware. It is NOT FIXED!!!! They have simply gone and changed the username and password to something else. There is STILL a default superuser account with password.

      (You can find it yourself by just taking similar steps as in the securityfocus article.)

  4. One wonders what the internal policies are ... by xmas2003 · · Score: 4, Insightful

    I think everyone can agree that backdoor passwords are a BAD idea - makes one wonder what the internal policies are at these companies - and what happens when they do a source code audit after these are found and track down the programmers who put 'em in.

    --
    Hulk SMASH Celiac Disease
    1. Re:One wonders what the internal policies are ... by Trigun · · Score: 5, Funny

      There's a backdoor in the software auditing software. The programmer is safe.

    2. Re:One wonders what the internal policies are ... by AntiOrganic · · Score: 4, Insightful

      This is absolutely idiotic. All routers have a default username/password combination that is restored when using the firmware reset button typically hidden on the back of the router. There is no reason to create an administrative backdoor for this purpose when there's a readily-accessible password reset feature built into the device.

    3. Re:One wonders what the internal policies are ... by Fulcrum+of+Evil · · Score: 4, Interesting

      There is no reason to create an administrative backdoor for this purpose when there's a readily-accessible password reset feature built into the device.

      Sure there is. The reset button will nuke the configuration, the logs, and whatever else state is there, thus confounding debugging by the tech support. A single password is stupid, though. What's needed is something that requires the router s/n, the router's idea of the date, and a passcode generator from cisco. Give the aforementioned info to cisco TS and they can generate a 1 or 2 hour passcode for your router. You could also add a switch to enable this feature on the router itself, but that may not be practical.

      --
      "We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
    4. Re:One wonders what the internal policies are ... by jtheory · · Score: 4, Insightful

      Sure there is. The reset button will nuke the configuration, the logs, and whatever else state is there, thus confounding debugging by the tech support. A single password is stupid, though. What's needed is something that requires the router s/n, the router's idea of the date, and a passcode generator from cisco. Give the aforementioned info to cisco TS and they can generate a 1 or 2 hour passcode for your router. You could also add a switch to enable this feature on the router itself, but that may not be practical.

      I'm not convinced. This is only a concern in cases where you're having technical problems, AND you somehow forgot your password. The danger of having a backdoor easily outweighs the potential benefits. Even with a special password generator from NetGear -- you're still talking security through obscurity. I want to set up my router, make sure it's secure, and forget about it! I don't want to keep checking online to see if you can download N3tg34r_PwG3n.exe yet... and you know it's going to show up eventually.

      Half the time you have any technical issues, the tech support is just going to tell you to do a hard reset anyway....

      Even if they gave you one of those paperclip-hole style buttons that would reset all your passwords to your device's serial number (or to enable some other backdoor), this would still be dangerous in a lot of situations. Suppose you're running an internet cafe -- you can't always trust the people sitting around your router!

      Either way, I don't think this backdoor was installed for tech support reasons -- it doesn't even seem to have been installed by NetGear themselves. Hopefully some more details will come out soon... and hopefully some heads will roll.

      It's funny; I just read that new story by the AdTI guy explaining how Linux wasn't safe to use because it depended on "trust". Hah! How nice for the corporate world to step forward and show that *they* can be trusted.

      --
      There are only 10 types of people: those who understand decimal, those who don't, and, uh, 8 other types I forget.
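The time-limited support passcode proposed in the two comments above (router serial number, the router's own date, a vendor-side generator, an owner-controlled switch), sketched as an added example that is not part of the thread or any vendor's code. It assumes a per-device secret provisioned at manufacture, so a leaked generator program alone yields no valid codes; the key, serial number and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

WINDOW_SECONDS = 2 * 60 * 60   # passcode lifetime: the "1 or 2 hour" window
CODE_DIGITS = 8                # short enough to read out over the phone

# Constructed sample values (assumptions, not real device data).
SAMPLE_KEY = b"constructed-per-device-secret"
SAMPLE_SERIAL = "WG602-EXAMPLE-0001"


def support_passcode(device_key: bytes, serial: str, device_time: int) -> str:
    """Vendor side: derive a passcode from the serial and the router's clock."""
    window = device_time // WINDOW_SECONDS
    msg = serial.encode("ascii") + b"\x00" + struct.pack(">Q", window)
    digest = hmac.new(device_key, msg, hashlib.sha256).digest()
    # Truncate the MAC to a fixed-width decimal code.
    number = int.from_bytes(digest[:8], "big") % (10 ** CODE_DIGITS)
    return f"{number:0{CODE_DIGITS}d}"


def router_accepts(device_key: bytes, serial: str, now: int,
                   candidate: str, support_enabled: bool) -> bool:
    """Router side: recompute the code for the current window and compare."""
    if not support_enabled:        # the owner's switch; off means no support login
        return False
    expected = support_passcode(device_key, serial, now)
    # Constant-time comparison avoids leaking how many digits matched.
    return hmac.compare_digest(expected, candidate)
```

A code this short only holds up if the router also limits login attempts per window.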
  5. The problem of convenience by luvirini · · Score: 5, Insightful
    This is a general problem when you buy ready made solutions in the form of "boxes", you cannot be fully sure of anything inside so it is basically a question of trust.

    For example firewalls:

    Question 1: how do you know the box firewall you bought is secure and has no backdoors?

    Answer: normally you do not.

    Question 2: Why do majority of people buy those instead of making their own?

    Answer: Because it is a lot more convenient

    So instead of spending time to build something, most people want to just get something that works and thus have to just trust the vendors, as they do not have the skill/time/inclination/will etc to do it themselves.

    1. Re:The problem of convenience by Temporal · · Score: 4, Insightful

      Question 1: How do you know the CPU you bought is secure and has no code-modifying backdoors?

      Answer: Normally you do not.

      Question 2: Why do the majority of people buy those instead of manufacturing their own?

      Answer: Because it is a lot more convenient.

      Any piece of hardware can have a backdoor in it, really. If anything, you're probably safer buying the system all in one piece, because:

      1) A packaged system built by a respected company is likely to be far better reviewed and tested than something you assemble/install yourself.

      2) If it has a hole, you know exactly whom to blame (and perhaps sue for damages, if exploited).

    2. Re:The problem of convenience by Harodotus · · Score: 4, Informative

      Smoothwall is exactly that, a custom Linux distro with boot-from-cd install that only requires you to hit "enter" a couple dozen times to turn any old 2 nic pc into a pre-configured modern firewall with internal NAT and DHCP.


      I use it and find it very handy (lots of old PC hardware about)

      --
      It's not users who are broken, it's systems not taking account their likely behaviour and fixing it technically.
  6. taiwan, eh? by abscondment · · Score: 5, Funny

    A search on Google revealed that "5777364" is actually the phonenumber of z-com Taiwan which develops and offers WLAN equipment for its OEM customers.

    This number, surprisingly enough, is also the total amount of wooden furniture shipped from Malaysia to Bahrain in 1998. Conspiracy! Conspiracy!

  7. Possibilities. by alexatrit · · Score: 5, Interesting

    It's possible that this goes on a whole lot more than we'd like to admit. Just yesterday I was talking to a friend who called Dell technical support about her BIOS password on an Inspiron 5000. She had forgotten it, and couldn't access her settings. Unlike the old days where you'd crack open the box and to the BIOS jumper switch, Dell provided her with a 6 character BIOS password that magically unlocked her system.

    --

    Nothing but the finest in meaningless drivel
    1. Re:Possibilities. by alexatrit · · Score: 5, Informative

      I stand corrected, here.

      "The only way to clear the BIOS password is with a Master Reset Password provided by Dell for that Model No. and they will not give you the master unless you can give them the name. address and telephone of the registered owner. However the password is universal for all laps with the same model no., so if you know someone who is a registered owner, you can call Dell and get the master."

      Reference here. That being said, the master for an Inspiron 5000 is BLVJCH. Booyah!

      --

      Nothing but the finest in meaningless drivel
  8. Re:No backdoors with BSD! by Trigun · · Score: 5, Funny

    best line i could think of was "why do you come back and try my new kernel on...

    You should try my pick-up line: Excuse me miss, but does this rag smell like chloroform?

    Works every time.

  9. Awesome! by SuperBanana · · Score: 5, Funny
    Fixed in new firmware, available here:

    Super! Now I just have to downlo
    [CONNECTION DROPPED, REMOTE SIDE 0WN3D]

  10. linked properly for the lazy by Anonymous Coward · · Score: 5, Informative
  11. It's a feature, not a bug. by gumpish · · Score: 5, Informative

    The URL is "mangled" for people browsing with mobile devices. The space is added so tiny displays can word wrap the text. (And also so crapflooders can't make your horizontal scroll bar appear.)

    Personally I think the number of people using such browsers is probably so small that there is no justification for this "feature", but since Slashdot isn't likely to change, URLs should be submitted as proper links and not just plain text.

  12. Take my advice by Q2Serpent · · Score: 4, Informative

    I know this is a huge problem for the general public, but for those of us with a linux machine, do what I do and save yourself some trouble: put two network cards in the linux machine. Connect one to the internet and the other to your wireless router's normal ethernet ports (don't use the port that is supposed to be for the internet). Then, just set up your linux firewall/NAT, and you get all the benefits of wireless and a wired hub on the inside, with a linux machine doing the routing/firewalling for security from the outside. Since the router isn't on the net, no one can even touch it.

  13. Good grief... by zoloto · · Score: 4, Interesting

    I tried this recently on my own unit. Works like a charm. Now that I'm really pissed, it looks like I might have to really complain through the courts by filing a motion with the intent to sue. Not only that, but get that old 500MHz P3 out of the closet and turn it into a router/NFS/SAMBA server and sell the POS netgear router on eBay.

    That was the last straw. No more firmware based routers unless I make them myself, or use existing ones as wireless switch and really try to lock it down or use third party firmware. /end_rant

    learning how to make a linux router / NFS will be handy anyhow

  14. Well, at least it's only an access point by the+eric+conspiracy · · Score: 4, Insightful

    These things usually sit behind a firewall, so you aren't in quite as bad shape as if it were offering its private parts to the general internet like the Linksys.

  15. Re:Just another reason by kfg · · Score: 4, Insightful

    This isn't outsourcing in the sense that IBM outsources its programming and support staff. It's outsourcing in the sense that your Raleigh bicycle is actually a Giant with a Raleigh sticker on.

    It isn't even really outsourcing in the sense that Dell outsources its video cards to ATI, its cpus to Intel and its CD drives to LG, which is all perfectly legitimate. Would you really expect Dell to make its cpus and capacitors?

    You buy stuff and market it.

    z-com is the actual manufacturer and they sell their products to marketers. Netgear just buys the stuff and resells it.

    Just like you could go to z-com and have them slap some stickers on stuff for you to resell. Or Giant. Or whoever makes Levis and Calvin Klein jeans in China. Or. . .

    This isn't about "outsourcing." This is about a marketing firm getting stuck with some bad product.

    KFG