Slashdot Mirror


Backdoor Discovered In Netgear and Linkys Routers

An anonymous reader writes "A hacker has found a backdoor in the Linksys WAG200G router that gives access to the admin panel without authentication. Further research shows that these devices are made by Sercomm, meaning that Cisco, Watchguard, Belkin and various others may be affected as well. From the article: 'The backdoor requires that the attacker be on the local network, so this isn’t something that could be used to remotely attack DSL users. However, it could be used to commandeer a wireless access point and allow an attacker to get unfettered access to local network resources.'"

31 of 189 comments

  1. not exclusively local by Anonymous Coward · · Score: 5, Informative

    http://www.shodanhq.com/search?q=port%3A32764

    1. Re:not exclusively local by Anonymous Coward · · Score: 4, Insightful
      Of course it's spying on you.

      Which part of "Made in the USA" did you not understand?

  2. OpenBSD by grub · · Score: 4, Informative
    Thank goodness for OpenBSD and a bit of elbow grease.

    --
    Trolling is a art,
    1. Re:OpenBSD by grub · · Score: 5, Informative

      As a gateway/router/wifi point, OpenBSD is excellent. My comment is very relevant to the story.
      For example, my own setup has OpenBSD acting as a router/NAT/etc. box. For guests there is a wifi network it broadcasts and routes only to the world. Also has a VLAN for DMZ, outside accessible services, etc.
      It's not name dropping if it's true.

      --
      Trolling is a art,
    2. Re:OpenBSD by grub · · Score: 4, Interesting

      If you do set up an OpenBSD box as a small router remember that it is still a full computer. You can install squid as a proxy, install a mail gateway, your own DNS, etc. There's no need to leave it there simply shuffling packets if you don't want to.

      As a bonus you can work in another unix and get some skill there.

      --
      Trolling is a art,
    3. Re: OpenBSD by TooTechy · · Score: 5, Informative

      Small comment.

      I have a Netgear router with Tomato running on it with over 730 days of uptime!

  3. malware = local by SethJohnson · · Score: 5, Informative

    Attacking the router from inside the network is only a matter of infecting a computer inside the network.

    Then the compromised computer is used to modify the DNS settings.

    Then the whole network depending on the router to provide proper DNS is now visiting whatever hosts the attackers desire.
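    A defender-side check for the two concrete points raised so far in this thread: the open port 32764 that the Shodan search in the first comment turns up, and the "infected PC rewrites the router's DNS" chain in the post above. This is an added example, not code from the thread or from any router vendor; the log format, the addresses, the gateway name and the DNS allowlist are all constructed for it.

```python
"""Gateway log monitor (added example; not from the Slashdot thread).

Two checks over connection records from a home firewall:
  1. any LAN host reaching the gateway on port 32764, the service port that
     the first comment's Shodan search refers to;
  2. DNS servers the gateway hands out via DHCP that are not on the household
     allowlist, the symptom of the "compromised PC rewrites the router's DNS"
     chain described in the post above.
The record format and every address below are constructed for this example.
"""
import ipaddress
import re

GATEWAY = ipaddress.ip_address("192.168.1.1")        # constructed LAN gateway
BACKDOOR_PORT = 32764                                  # port from the Shodan query in the thread
TRUSTED_DNS = {"192.168.1.1", "9.9.9.9", "1.1.1.1"}   # constructed allowlist

# Simplified record formats (not any real firewall's syntax):
#   conn <src>:<sport> -> <dst>:<dport> <proto>
#   dhcp offer to <client> dns=<server>[,<server>...]
CONN_RE = re.compile(r"^conn (\S+):(\d+) -> (\S+):(\d+) (tcp|udp)$")
DHCP_RE = re.compile(r"^dhcp offer to (\S+) dns=(\S+)$")

# Constructed sample log: one host probes the gateway's 32764 and later gets
# handed two DNS servers nobody in the house configured.
SAMPLE_LOG = """\
conn 192.168.1.23:51512 -> 192.168.1.1:53 udp
conn 192.168.1.23:51600 -> 192.168.1.1:32764 tcp
conn 192.168.1.40:44001 -> 93.184.216.34:443 tcp
dhcp offer to 192.168.1.40 dns=192.168.1.1
dhcp offer to 192.168.1.23 dns=203.0.113.7,203.0.113.8
conn 192.168.1.40:44100 -> 192.168.1.1:32764 udp
""".splitlines()


def analyze(lines):
    """Return a list of (finding, client, detail) tuples, in log order."""
    findings = []
    for line in lines:
        m = CONN_RE.match(line)
        if m:
            src, _sport, dst, dport, proto = m.groups()
            # Nothing on the LAN has a legitimate reason to talk to this port;
            # a single hit is worth an alert, whatever the protocol.
            if ipaddress.ip_address(dst) == GATEWAY and int(dport) == BACKDOOR_PORT:
                findings.append(("gateway-port-32764", src, f"{proto}/{dport}"))
            continue
        m = DHCP_RE.match(line)
        if m:
            client, servers = m.groups()
            rogue = [s for s in servers.split(",") if s not in TRUSTED_DNS]
            if rogue:
                findings.append(("untrusted-dns", client, ",".join(rogue)))
    return findings


def clients_to_isolate(findings):
    """Hosts that touched the backdoor port: candidates for quarantine and reimaging."""
    return sorted({client for kind, client, _ in findings if kind == "gateway-port-32764"})


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for kind, client, detail in results:
        print(f"{kind:20} {client:15} {detail}")
    print("isolate:", ", ".join(clients_to_isolate(results)))
```

The DNS check is the one that catches the chain this post describes after the fact: a router whose settings were rewritten keeps handing out the attacker's resolvers on every lease renewal, so the DHCP side of the log is a more reliable place to look than the single connection that did the rewriting.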

    1. Re:malware = local by Qzukk · · Score: 5, Interesting

      > is only a matter of infecting a computer inside the network.

      Not even that. If dicking around with the port caused a hard reset of the router, who knows what would happen if you got someone to click on this link. (or set it as an img tag for automatic fun)

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    2. Re:malware = local by hawguy · · Score: 5, Funny

      > is only a matter of infecting a computer inside the network.

      > Not even that. If dicking around with the port caused a hard reset of the router, who knows what would happen if you got someone to click on this link. (or set it as an img tag for automatic fun)

      I think that's a bad link. Every time I click on it, I can't reach the internet for a few minutes.

    3. Re:malware = local by hawguy · · Score: 5, Insightful

      > Attacking the router from inside the network is only a matter of infecting a computer inside the network.

      > Then the compromised computer is used to modify the DNS settings.

      > Then the whole network depending on the router to provide proper DNS is now visiting whatever hosts the attackers desire.

      If you can already infect inside computers, do you really need to hack the router?

    4. Re:malware = local by toygeek · · Score: 4, Interesting

      This is exactly what happened with Apple a couple of years ago. The DNS Changer virus

      http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml

      It infected OSX machines and logged into the user's router using the biggest "back door": admin/password. Then it changed it to some DNS servers in Russia, and any device on the network was getting redirected to death to all sorts of sites.

      Yes, this is a big back door, but no bigger than the admin/password admin/admin default credentials that 99% of people never changed. Thankfully, these days the routers come with better defaults.

    5. Re:malware = local by fuzzyfuzzyfungus · · Score: 4, Interesting

      > If you can already infect inside computers, do you really need to hack the router?

      Two major upsides: hitting the router is a handy way to turn an exploit of a single machine into a position for eavesdropping and/or DNS attacking every device on the network. Odds are good that the one you exploited directly isn't the only one, and the others may be harder targets from the outside. Plus, the router is a handy 'bastion' for re-infection and persistence in case the luckless user finally ditches or wipes his worm farm of a system. Unless you screw it up, badly, most people are barely aware that routers contain software at all, so odds are excellent that they won't be getting rid of you in the near future...

  4. great. typo in the title. by richlv · · Score: 4, Informative

    "Linkys". because details are for samzenpussies.
    this is getting annoying enough.

    --
    Rich
  5. So much for competition by bob_super · · Score: 5, Insightful

    "Linksys (...) devices are made by Sercomm, meaning that Cisco, Watchguard, Belkin (...)"

    It reminds me of that scary graph where half a dozen companies control almost all the stuff you see on supermarket shelves.
    I remember reading nice fairy tales in school about open markets, and fair and diverse competition being paramount to the western economic model...

    1. Re:So much for competition by Gothmolly · · Score: 4, Insightful

      That fairy tale stopped existing once companies could buy the laws they need to create barriers to entry.

      --
      I want to delete my account but Slashdot doesn't allow it.
    2. Re:So much for competition by bill_mcgonigle · · Score: 3, Insightful

      Oh. There's a problem with your market? Sounds like the job for The Invisible Hand! Invisible Hand will fix it!

      Sorry, the Invisible Hand is unavailable for comment. It's been bound, gagged (handcuffed?), indefinitely detained and sent to Gitmo for questioning by the State.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  6. Re:Return to vendor by hawguy · · Score: 3, Interesting

    > Get a refund. This shit must cost them or it will never stop.

    On what grounds? They'll just say "It's a bug, we're working on a patch". Has anyone ever been able to get a refund because of a software bug?

  7. Re:DSL? by hawguy · · Score: 4, Insightful

    > Who has that anymore?

    People that don't want to give any money to a cable company and want to give as little money as possible to the AT&T monopoly, and would rather have their money go to a friendly CLEC. I gave up my 50mbit Comcast cable internet connection for a 14mbit DSL connection because several times a week, packet loss would go through the roof and throughput would slow to a crawl on the Comcast connection, while the DSL provider has been rock solid.

  8. Re:Return to vendor by gnasher719 · · Score: 4, Insightful

    > On what grounds? They'll just say "It's a bug, we're working on a patch". Has anyone ever been able to get a refund because of a software bug?

    Excuse me, but accepting commands and executing scripts received on an unusual port is not a bug. That is code that is there 100% intentionally. In the UK, I'd call it defective; it would be pretty obvious that it was defective as sold, so you can return it to the shop where you bought it for a reasonable time (maybe 2 years).

  9. Huawei at least have a password... by vik · · Score: 4, Interesting

    You can telnet into most Huawei/Vodafone DSL modems with admin/{VF-}[Countrycode]hg[ModelId] through the ethernet port...

  10. This wasn't the NSA! by CajunArson · · Score: 3, Funny

    Their backdoors are implemented at much higher quality level.

    --
    AntiFA: An abbreviation for Anti First Amendment.
  11. Is this really a vulnerability or a feature? by DigitAl56K · · Score: 4, Informative

    There is a supported feature on Netgear routers where so long as you're on the internal network you can send a magic packet (using a utility called TelnetEnable) to open up the telnet port, then you can telnet in and issue commands as the super user. All TelnetEnable needs is the IP address of the router, its MAC address, and a widely known default username and password - all things anyone connected to the network can get easily.

    It seems like this guy stumbled upon a similar feature.

    Yes, this stuff should be better protected, but it's not necessarily a vulnerability. For example, you can log into your router this way and use iptables to add some custom firewall rules that the web admin interface doesn't support. The main hole here is A) Most people don't know it's even there, and B) The default username/password is the same for every router by default. You do need to be on the LAN side to send the magic packet in the first place.

    1. Re:Is this really a vulnerability or a feature? by DigitAl56K · · Score: 4, Insightful

      To add to the above, I see the WNDR3700 is specifically reported as not being vulnerable to the open port he found on some of the older models. I know for a fact (because I owned one), that the WNDR3700 is one of the models that requires the magic packet to open the telnet port, further leading me to believe he found a poorly documented (but not unknown) feature that should have been much more visible and better protected by default, rather than something more akin to a backdoor (after all, you have to be on the LAN side to use it).

    2. Re:Is this really a vulnerability or a feature? by the_B0fh · · Score: 4, Insightful

      Oh wow. Your inside network doesn't touch the outside network? You don't visit websites? You do not run javascript on your browsers? You personally scan each piece of javascript to make sure it cannot get your IP address (yes it can), your gateway (yes it can) and send packets to your gateway (yes it can)?

      Seriously, if you don't know what you're talking about, lurk and learn.

      And default username/passwords means that malicious javascript can be very very simple indeed.

      Your kind of thinking is why we have so much insecurity on the Internet. Please update and upgrade your skills.

    3. Re:Is this really a vulnerability or a feature? by the_B0fh · · Score: 3, Insightful

      You understand that most of the botnets out there are the result of someone clicking on a link and visiting a site that had malicious code embedded in it (ActiveX/JavaScript)?

      While JavaScript might not natively be able to send a hand crafted magic packet, it can *take over your system* - which then allows it to download and install rootkits and other stuff - one of which can do the magic packet tickling.

      You said:

      > Yes, this stuff should be better protected, but it's not necessarily a vulnerability.

      *AND YOU ARE VERY VERY WRONG* I want to say this in the nicest way I can - if you are propagating wrong information, you should be stopped. If you think you are correct, you need to be corrected. If you think this is being a dick, I apologize, but you are still wrong, and you are still spreading bad information. Learn and improve your knowledge. Think things through.

      Think about it - the programmers who should know better thought the same as you. And as a result, now millions of routers are vulnerable, and open to being exploited. Every week, we see tons of news about basic infrastructure being insecure. Because no one said "that's a fucking stupid idea, don't do it" because saying that means they're being a dick.
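    The replies above describe the LAN-side delivery that needs no magic packet at all: a web page the victim visits makes the browser send requests to the gateway, and default credentials make those requests succeed. One mitigation the router's own admin interface can apply is to refuse any request to a configuration endpoint whose Origin (or, failing that, Referer) is not the router itself. The decision function below is an added example, not code from the thread or from any vendor's firmware; the host names, endpoint paths and headers are constructed.

```python
"""Same-origin gate for a router's admin interface (added example; not from
the thread or any vendor firmware).

A browser-delivered request from another site carries that site's Origin
header (or, for older browsers and some navigations, only a Referer).  The
admin UI can use that to refuse configuration changes that did not originate
from its own pages.  Host names, paths and headers are constructed.
"""
from urllib.parse import urlsplit

# Names under which the admin UI is legitimately served (constructed).
ROUTER_HOSTS = {"192.168.1.1", "router.local"}

# Endpoints that change state (constructed).  An <img> tag reaches these with
# a plain GET, so the HTTP method is deliberately NOT used to decide safety.
CONFIG_PATHS = {"/apply.cgi", "/dns.cgi", "/reboot.cgi"}


def request_source_host(headers):
    """Host from Origin, else Referer, else None.

    A literal 'Origin: null' (sandboxed iframe, some redirects) yields None as
    well, so it is treated like a missing header rather than trusted.
    headers: dict with lower-case header names.
    """
    for name in ("origin", "referer"):
        value = headers.get(name)
        if value and value.lower() != "null":
            return urlsplit(value).hostname
    return None


def admin_request_allowed(path, headers):
    """Return (allowed, reason) for a request to the admin UI."""
    if path not in CONFIG_PATHS:
        return True, "not a configuration endpoint"
    host = request_source_host(headers)
    if host is None:
        # Fail closed: with no evidence of where the request came from, a
        # configuration change is refused.
        return False, "no usable Origin/Referer on a configuration request"
    if host in ROUTER_HOSTS:
        return True, f"same-origin request from {host}"
    return False, f"cross-site request from {host}"


if __name__ == "__main__":
    # Constructed requests: a form submitted from the router's own page, an
    # <img> tag on a third-party site, and a request with no source headers.
    samples = [
        ("/dns.cgi", {"origin": "http://192.168.1.1"}),
        ("/dns.cgi", {"referer": "http://router.local/dns.html"}),
        ("/dns.cgi", {"referer": "http://third-party.example/page.html"}),
        ("/dns.cgi", {}),
        ("/", {}),
    ]
    for path, hdrs in samples:
        allowed, reason = admin_request_allowed(path, hdrs)
        print(f"{path:12} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

This check only stops browser-delivered requests; a process already running on a LAN host can set any Referer it likes, which is why it belongs alongside per-session CSRF tokens and a forced change of the default password on first login, not in place of them. Treating a missing or `null` Origin as a denial does break some privacy extensions that strip these headers, a trade-off a router's admin UI can usually afford.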

  12. Re:Return to vendor by Cwix · · Score: 4, Insightful

    The free dictionary:
    http://www.thefreedictionary.com/back+door

    Noun 2. back door - an undocumented way to get access to a computer system or the data it contains
    backdoor
    access code, access - a code (a series of characters or digits) that must be entered in some way (typed or dialed or spoken) to get the use of something (a telephone line or a computer or a local area network etc.)

    Oxford:
    http://www.oxforddictionaries.com/us/definition/american_english/back-door

    noun
            the door or entrance at the back of a building.
            a feature or defect of a computer system that allows surreptitious unauthorized access to data.

    So obviously it does not matter if it was a "published interface" or even if it was on purpose. It still qualifies as a backdoor. Frankly it does not sound like an accident either so I wouldn't even classify it as a bug. I certainly don't think it is unintended, a mistake, or an error. That means it does not fit your definition.

    Note: Bold was added by me, and I did search other online dictionaries, most did not have a definition that was technical in nature. Most referred to Back-door deals. Ones I checked were Merriam-Webster's, Cambridge, and Oxford. If anyone does find a better definition I welcome being corrected.

    --
    You are entitled to your own opinions, not your own facts.
  13. wrt54gL is made for diy by raymorris · · Score: 3, Informative

    > Or does such a thing already exist?

    The wrt54gL (L for Linux) is an example of such a device. The early versions of wrt54g were popular with people using openWRT and such of course. Recognizing this, the company released a version specifically for nerds.

    I'd love to see some other, more up-to-date options. I have some projects that would fit nicely in several MBs of RAM, without necessarily needing all the ports. A Raspberry Pi would work, but a beefed up WRT would be better.

  14. The most expensive "cheap" you can get! by Anonymous Coward · · Score: 5, Insightful

    Dear lord, I hate it when neckbeards such as yourself talk about how a full PC running OpenBSD or Linux is somehow the "cheap" option compared to a goddamn $40 home router. You make the entire IT profession seem like a bunch of blithering idiots.

    Most civilized people don't have Alphas, SPARCs or even old PCs lying around. They'll end up paying more than $40 to acquire such a system, too.

    Since most people have several devices on their home network these days, including wireless devices, they'll again need to buy several cabled network cards and at least one wireless network card. You're looking at $100 or more, depending on the type and number of network cards you need to buy.

    Then they'll have to waste time setting up this system. If they don't already have experience with installing and configuring OpenBSD and Linux, they'll waste even more time. Good luck getting the wireless network card working! That can be a real battle under Linux, and absolute hell under OpenBSD, even for experienced sysadmins. Anyone with a real job paying a real salary or billing rate will be out hundreds of dollars.

    If they manage to get this far, probably spending several hundred dollars getting the equipment in the first place, and then potentially spending at least a day (but likely far more) setting it up, then they'll have to actually start using it. This involves leaving a full computer running 24/7, likely consuming a large amount of power (especially if it's the outdated workstation or PCs that you're advocating). Electricity is quite expensive in many areas.

    Way to go, neckbeard. Your "cheap" option only costs $600 or more, just to do the same job that a $40 home router can do. And that's ignoring the ongoing cost of running the system, which depending on local electricity rates can cost a few hundred dollars more per year. The $40 home router will consume a comparatively insignificant amount of electricity, likely costing less than $10 a year even in areas with extremely high electricity prices.

    It's so hard to take you seriously when you advocate spending 10 or 20 times as much on some custom Linux or OpenBSD router than it'd cost to buy a cheap home router.

  15. power makes that expensive by dutchwhizzman · · Score: 4, Insightful

    Any old/small PC will use way more electricity than the small embedded box you are replacing. Even if you get the PC for free, you'd have spent more on extra electricity in a year than you would have paid for a new device that was ready to run and has no back doors.

    --
    I was promised a flying car. Where is my flying car?
    1. Re:power makes that expensive by hairyfeet · · Score: 4, Insightful

      UHHH...You DO know that is still 3-5 times more than an Atom or Bobcat, yes? Or that the amount of useful work per watt is several orders of magnitude higher with the Atom and Bobcat, yes? And that most of the parts that go with that P3 are gonna be horribly inefficient because power usage was just not a concern, right?

      I mean if you just hate to throw that old P3 in the dumpster and want to repurpose it, sure I can see that, but you are gonna be wasting more juice over the long run than if you just grabbed one of those $69 Bobcats and stuck it in the same case. And that isn't even taking into account the fact that both the Atom and the Bobcat are dual cores so can do twice as much work per watt and if you were to benchmark that P3 the amount of useful work you are getting when it's balls out at 30w would be less than what you get from the Bobcat or Atom at 6w.

      Sorry friend but the old stuff? Just wasn't real good when it came to power. You are just lucky it's a P3; if it had been a P4 the only thing it would have been good for is a space heater.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  16. Any device that's not updated by dutchwhizzman · · Score: 3, Insightful

    These back doors may exist in new devices, but any older device is likely to have a back door. If the vendor updates the devices at all, they usually stop doing that shortly after they stop sales of the device. Your perfectly fine WiFi router or DSL box will most likely have vulnerabilities on it that make it just as insecure as these new devices.

    I actively check my DSL router and I know my ISP and several security minded customers do the same. Any WiFi router in my home runs a modified Linux distribution like Tomato, openWRT or DD-WRT that is actively maintained. While it's bad that A-brand companies evidently don't do this with the stuff they buy from other vendors, most devices in the field are just as vulnerable as these boxes are, simply because they don't get updates.

    Burning vendors for selling insecure devices is good practice to get this problem solved. Burning them for not being responsible for their sale and updating or liberating the devices they sold should be just as normal as burning them for new equipment. You can't expect people to buy a new device every year simply because the vendor refuses responsibility once it's left their factory.

    --
    I was promised a flying car. Where is my flying car?