Slashdot Mirror

← Back to Stories (view on slashdot.org)

D-Link DIR-655 Firmware 1.21 Hijacks Your Internet Connection

Posted by timothy on from the not-polite dept.

chronopunk writes "Normally when you think of firmware updates for a router you would expect security updates and bug fixes. Would you ever expect the company that makes the product to try and sell you a subscription for security software using its firmware as a salesperson? I recently ran into this myself when trying to troubleshoot my router. I noticed when trying to go to Google that my router was hijacking DNS and sent me to a website trying to sell me a software subscription. After upgrading your D-link DIR-655 router to the latest firmware you'll see that D-link does this, and calls the hijacking a 'feature.'"

7 of 428 comments (clear)

  1. Re:Why... by matthewncohen · · Score: 5, Informative

    You have to manually upgrade the firmware and going back to plan old 1.20 is exactly the same process. It's not exactly hard to "disable". I have this router and also recently updated my firmware but I have not encountered this yet...

  2. Re:Why... by mattytee · · Score: 5, Informative

    If you RTFA, you'll see that you CAN disable it.

    Still pretty hinky, though.

  3. Without SecureSpot 2.0 by KoD7085 · · Score: 5, Informative

    I haven't upgraded to 1.21; however, the reason was when 1.21 first dropped it had SecureSpot. Now I found this out by reading the information on 1.21 so I didn't download and install it. They now (and have for some time) offer 1.21 without SecureSpot; perhaps you should download and install that.

  4. Belkin has done this before by Anonymous Coward · · Score: 5, Informative

    Back in 2003 Belkin introduced a router that periodically redirected HTTP connections to advertise its own software:
        Help! my Belkin router is spamming me

    Some commentary:
        Ease-of-use or marketing-driven sabotage: Does your hardware's software do only what you expect of it?

  5. Just like Belkin back in 2003 by alanw · · Score: 5, Informative

    Here's an old article about Belkin doing a very similar thing:

    Belkin, the consumer networking and connectivity firm, has promised customers a firmware upgrade to disable a controversial 'spamming' feature built into its routers.

    As first reported on The Reg last week, the feature hijacks random HTTP requests every eight hours and redirects users to a page advertising Belkin's parental control software. There is an opt-out link but that failed to appease Net users who accused Belkin of creating a new mechanism for spam.

  6. Linksys + alternative firmware by TheSHAD0W · · Score: 5, Informative

    Linksys isn't so bad if you replace the firmware. Try dd-wrt if you want quick and easy, or OpenWRT if you want to customize. I guarantee you'll like 'em. (Get a WRT-54GL to try it on; they're cheap nowadays.)

  7. Router Setup Page downloads Securespot version by chronopunk · · Score: 5, Informative

    This is the original poster. I did a firmware upgrade from withing the router setup page not by downloading it from their website.