Slashdot Mirror


Backdoor Account Found in D-Link DIR-620 Routers (bleepingcomputer.com)

Catalin Cimpanu, writing for BleepingComputer: Security researchers have found a backdoor account in the firmware of D-Link DIR-620 routers that allows hackers to take over any device reachable via the Internet. Discovered by Kaspersky Lab researchers, this backdoor grants an attacker access to the device's web panel, and there's no way in which device owners can disable this secret account. The only way to protect devices from getting hacked is to avoid having the router expose its admin panel on the WAN interface, and hence, reachable from anywhere on the Internet.
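
A defender-side check in the spirit of the mitigation above, added here as an example (not code from the article, Kaspersky, or D-Link): it parses a constructed OpenWrt-style UCI firewall file and reports ACCEPT rules that let WAN traffic reach the router's own admin ports. The port list, rule names and file contents are assumptions.

```python
import shlex

ADMIN_PORTS = {"22", "23", "80", "443", "8080"}  # typical router admin ports (assumption)

# Constructed OpenWrt-style /etc/config/firewall: one deliberately exposed web-admin
# rule (the weak setting the article warns about) next to a harmless ping rule.
SAMPLE_FIREWALL = """
config rule
    option name 'Allow-WAN-WebAdmin'
    option src 'wan'
    option proto 'tcp'
    option dest_port '80'
    option target 'ACCEPT'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option target 'ACCEPT'
"""

def parse_uci(text):
    """Parse UCI text into a list of {'type', 'opt', 'list'} sections."""
    sections = []
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)  # strips the quotes around values
        if not parts:
            continue
        if parts[0] == "config":
            sections.append({"type": parts[1], "opt": {}, "list": {}})
        elif parts[0] == "option" and sections and len(parts) > 2:
            sections[-1]["opt"][parts[1]] = parts[2]
        elif parts[0] == "list" and sections and len(parts) > 2:
            sections[-1]["list"].setdefault(parts[1], []).append(parts[2])
    return sections

def wan_exposed_admin(text):
    """Findings for ACCEPT rules that let WAN traffic reach the router's own admin ports."""
    findings = []
    for s in parse_uci(text):
        o = s["opt"]
        # Input rule: src is wan and no dest zone, so the router itself is the destination.
        if (s["type"] != "rule" or o.get("src") != "wan" or "dest" in o
                or o.get("target", "").upper() != "ACCEPT" or o.get("proto") == "icmp"):
            continue
        ports = set(o.get("dest_port", "").replace(",", " ").split())  # ranges not expanded
        hit = sorted(ports & ADMIN_PORTS) if ports else ["all ports"]
        if hit:
            findings.append(f"rule {o.get('name', '?')}: WAN -> router {hit}")
    return findings
```

Run it against the real `/etc/config/firewall` of an OpenWrt box to confirm nothing but the intended LAN-side access reaches the admin UI.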

16 of 118 comments

  1. OpenWRT/LEDE is the only solution by Jimbo+God+of+Unix · · Score: 3, Insightful

    This is why I will never buy or recommend any router that cannot be flashed/used with OpenWRT/LEDE.

    1. Re:OpenWRT/LEDE is the only solution by fred6666 · · Score: 2

      I just installed openwrt/LEDE 17.01.4 on a TP-Link Archer C7 v2. I downloaded the file, used the web page to upload it and waited. How could it be any easier?

      I then configured the router using the LuCI web interface, which is better than most stock router web interfaces.

    2. Re:OpenWRT/LEDE is the only solution by Anonymous Coward · · Score: 2

      Once it was checked, the news was out quickly, and fixes not far behind. Contrast that with proprietary security flaw handling.

  2. You're telling them about our backdoors? by JoeyRox · · Score: 4, Funny
  3. Disable WAN access you say? by squiggleslash · · Score: 4, Insightful

    I don't know how many people actually enable WAN access to begin with. And it's off by default.

    But, regardless, that's probably not the major problem. The major problem comes if your own network is compromised, say, by an IoT device. Then it potentially has a password to your router.

    That seems to me to be likely a much bigger problem.

    --
    You are not alone. This is not normal. None of this is normal.
    1. Re:Disable WAN access you say? by sheph · · Score: 2

      There's typically two levels. There's the level for the user, and then there's the administrative level that's for your service provider. It's how they magically push updates to your equipment, and I'm not sure you can turn that off.

      --
      I don't believe in karma, I just call it like I see it.
    2. Re:Disable WAN access you say? by viperidaenz · · Score: 2

      Service providers don't use the web admin interface
      https://en.wikipedia.org/wiki/...

  4. Don't buy ANY router that... by bobbied · · Score: 4, Insightful

    Cannot be flashed with third party firmware. I use OpenWRT and DD-WRT and I *refuse* to buy any consumer router that doesn't have at least a porting effort to one of these third party firmware packages.

    It's not a perfect solution, but it's one heck of a lot better than just trusting the manufacturer to do the right thing and fix their security issues in a timely manner.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    1. Re:Don't buy ANY router that... by gweihir · · Score: 2

      The "only commercial software is good software" morons cannot even think. You expect them to be able to comprehend written language? That is wayyy beyond what they can do. At best, they can do keyword matching.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  5. Not the first time by klingens · · Score: 4, Interesting

    Why would anyone still buy anything from D-Link or e.g. Cisco?

    With their stuff, backdoors are not the exception but mandatory feature for every device they sell. 2013, 2016, now.
    https://www.theregister.co.uk/... DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604+ and TM-G5240, maybe more.
    https://thehackernews.com/2016... DWR-932 B

    So, sure once maybe it's an error or oversight. But the number of backdoors with pretty much all router manufacturers, from low end cheapo consumer D-Link to usurious Cisco plated with gold stuff, shows it's not an oversight but pretty much deliberate. Both manufacturers are only examples here. All of them have similar holes several times over the last few years, repeatedly. Or they are too incompetent to be allowed to design and then sell anything to the public.

  6. Re:Why would you expose the admin interface to WAN by Anonymous Coward · · Score: 3, Insightful

    Too complex for most people - yes
    Too complex for someone who can be trusted to remotely tweak a router - no

  7. Router found on backdoor by goombah99 · · Score: 2

    At this point, I think it's fair to say that it was a backdoor that also had a router. Indeed I suspect the router was probably found left on the backdoor.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  8. DD-WRT is pretty darned secure by thomst · · Score: 2

    ArchieBunker demanded:

    Have you done an audit of the code yourself? Are you sure anyone else has? Would you know what to look for?

    I use DD-WRT exclusively on all my routers.

    It's 100% open source, and there are several people who are still actively developing it. In addition, there's a lot of security-savvy users who closely examine and pen-test each release.

    In 2008, a pair of backdoor IP addresses were discovered in the code (placed there by one of the developers, at a customer's request). Both were accessible only from the NAT side of the router, and both were removed within an hour of being reported ...

    --
    Check out my novel.
    1. Re:DD-WRT is pretty darned secure by fred6666 · · Score: 2, Informative

      Too bad their last stable release (V24 SP1) is from 9 years ago. They are almost done with the SP2!

      And by 100% open source, you mean it is heavily dependent on closed source drivers obtained from Broadcom under NDA?
      With outdated info on their wiki on how to build the source?

    2. Re:DD-WRT is pretty darned secure by thomst · · Score: 2

      fred6666 sneered:

      Too bad their last stable release (V24 SP1) is from 9 years ago. They are almost done with the SP2!

      And by 100% open source, you mean is heavily dependent on closed source drivers obtained from broadcom under NDA? With outdated info on their wiki on how to build the source?

      As the AC who posted after your comment pointed out, there are beta releases all the time - many of which are by BrainSlayer (who was the principal architect for V24 SP1, and is the principal architect for SP2, as well). For popular routers (i.e. - inexpensive and relatively powerful ones), there are often 2 or 3 betas per month. So who the hell cares about the "stable" release of SP2, when Kong's v3.0-r33675M (which I use on all 3 of my ASUS RT-56U's) is reliable, stable, has all relevant security issues patched, and supports more functions than most users will ever need?

      (BTW - I agree with that guy about ignoring the router database, too. It's full of misinformation and outdated releases that no sane admin would choose to install on an Internet-exposed router. Newbies to DD-WRT should search the forums for advice on the best forks and versions to install for their particular make and model, instead.)

      As for the Broadcom code, again, openwrt uses a set of reverse-engineered drivers, and it is a freakin' nightmare to configure. DD-WRT is straightforward. I don't give a flying fuck at a rolling donut that the comm driver is proprietary. I care that it works.

      I will grant your point that, for Broadcom-based routers (including mine), the DD-WRT drivers are proprietary. I just don't care - and the fact that the DD-WRT developers choose to use them, rather than replace them with the reverse-engineered versions speaks volumes about how efficient, stable, and reliable they believe the open-source ones are ...

      --
      Check out my novel.
  9. Re:Which open router software? by pnutjam · · Score: 2

    Merlin works well if you're running an Asus device.