Slashdot Mirror


Backdoor Found In TP-Link Routers

New submitter NuclearCat writes "Polish security researchers have found a backdoor in TP-Link routers, allowing an attacker to not only gain root access to the local network, but also to knock down the router via a CSRF attack remotely. (Further information; Google translation of Russian original.) According to the researchers, TP-Link hasn't yet responded to give an answer about the issue. The good news: Users who replaced their TP-Link firmware with Open/DD-WRT firmware can sleep well."

5 of 197 comments

  1. English news article by hweimer · Score: 5, Informative
    --
    OS Reviews: Free and Open Source Software
  2. I have to wonder why they bother... by fuzzyfuzzyfungus · Score: 5, Interesting

    Given the relatively dismal reputation of vendor firmware on most routers, and the distinctly limited opportunities for software-differentiation in the 'well, it sits there and makes the internet wireless, right?' networking market, I honestly have to wonder why most vendor firmware isn't just thinly-skinned Open or DD WRT out of the box...

    1. Re:I have to wonder why they bother... by neokushan · Score: 5, Informative

      As far as I know, that's more or less what Asus does. I have an RT-N66U and it's an absolute dream box. It's based on one of the open source firmwares (I can't remember which one though, DD-WRT, OpenWRT or Tomato), Asus releases the source code to the firmware and you don't have to do anything fancy to install a custom variant of it, just upgrade your firmware manually like you would on any other router except pick the custom firmware file.

      --
      +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
  3. Re:Looks like the firmware upgrade by ledow · Score: 5, Informative

    Should be fixed, yes. Critical to your network security? Not really.

    It requires someone to convince a local user to click a link which not only executes an HTTP request against the router but also somehow starts up a TFTP service on the machine that executes that request, with some crafted files served from it to compromise the router when it asks for them.

    It's a home router (and "routers" in the headline is accurate but misleading - precisely two are listed as vulnerable), so to be honest, I'm not at all surprised that this is possible. Hell, UPnP is more a security threat than this backdoor and that's enabled by default in a lot of places.

    However, if TP-Link (whose products I quite like, especially their wireless repeaters) had just issued an update that stopped this happening, I'd not have even cared about it one jot and it would disappear into the void of things that have been patched already. It's the non-response that gets me. Someone at TP-Link couldn't even be bothered to say "We're looking into it"?

  4. Re:Et tu, China? by stevegee58 · Score: 5, Insightful

    The last time I posted a comment about Chinese products containing malware I was voted down as flamebait and accused of being a racist.